Pierluigi Paganini October 23, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint flaw to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft SharePoint Deserialization Vulnerability CVE-2024-38094 (CVSS v4 score: 7.2) to its Known Exploited Vulnerabilities (KEV) catalog.

An attacker with Site Owner permissions can exploit a vulnerability to inject and execute arbitrary code on SharePoint Server.

“An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.” reads the advisory published by Microsoft.

The vulnerability is due to an input validation error in the SharePoint Server Search component. An unauthenticated user could exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable SharePoint server. This could allow the attacker to execute arbitrary code on the server, potentially taking over the system.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by November 12, 2024.

This week, U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog.

ScienceLogic SL1 contains a vulnerability related to a third-party component. It has been fixed in versions 12.1.3+, 12.2.3+, and 12.3+, with patches available for older versions back to 10.1.x.

On September 24, 2024, cloud hosting provider Rackspace reported an issue with its ScienceLogic EM7 monitoring tool. A threat actor exploited a zero-day vulnerability in a non-Rackspace utility bundled with the ScienceLogic application. The security breach exposed low-sensitivity performance monitoring data, including customer usernames, account info, and encrypted internal credentials. Rackspace helped ScienceLogic address this issue. The patch is now available to all customers, and the company notified the impacted customers.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)