CVE-2023-24955: Microsoft SharePoint Server Code Injection Vulnerability.
Microsoft SharePoint Server Code Injection Vulnerability. Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
- CISA KEV-listed (remediation due 2024-04-16)
- used in ransomware campaigns
- EPSS 91.8% (99.7% percentile)