Microsoft SharePoint Server Code Injection Vulnerability

Added March 26, 2024 • Due April 16, 2024 • CVE-2023-24955

Overdue Microsoft / SharePoint Server Known Ransomware Use CWE-94

Description

Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955
https://nvd.nist.gov/vuln/detail/CVE-2023-24955

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 4 months, 1 week ago