Severity Level: High
Title:
Microsoft SharePoint Vulnerability (CVE-2024-38094)
Summary:
Vulnerability Details:
The vulnerability, tracked as CVE-2024-38094, has been described as a deserialization vulnerability impacting SharePoint that could result in remote code execution.
An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.
Recommendations:
This security update contains fixes for the following nonsecurity issues in SharePoint Server Subscription Edition:
- Fixes an issue in which you cannot copy the content from Google Docs and paste it into a text web part on a modern page.
- Fixes an issue in which the ListView Command Set extension doesn't work in debugging mode.
- Fixes an issue in which the bulk edit operation fails in a flat view of the document library.
- Fixes an issue in which the Button web part loses the URL between page edits.
References:
click here