The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a new vulnerability, CVE-2024-38094, to its Known Exploited Vulnerabilities Catalog. This Microsoft SharePoint deserialization vulnerability has been actively exploited, posing significant risks to organizations.
The catalog, established under Binding Operational Directive 22-01, is a critical resource for identifying high-risk vulnerabilities requiring immediate remediation. Federal Civilian Executive Branch (FCEB) agencies must address these vulnerabilities by the specified deadlines, but CISA encourages all organizations to adopt similar practices to mitigate risks and strengthen their cybersecurity posture.
For more details on this vulnerability and mitigation recommendations, visit CISA's official advisory.