A Microsoft SharePoint bug that can allow an attacker to remotely inject code into vulnerable versions is under active exploitation, according to the US Cybersecurity and Infrastructure Security Agency (CISA). CISA added the deserialization vulnerability, tracked as CVE-2024-38094, to its Known Exploited Vulnerabilities Catalog and noted that it’s “unknown”

Source: The Register