WEB Microsoft SharePoint Workflow AccessServicesListEventReceiver Insecure Deserialization (CVE-2024-43464) state 1-F/Flow
Rule ID
1236161
Severity
High
Description
An insecure deserialization vulnerability has been reported for Microsoft SharePoint. This vulnerability is due to improper input validation of the workflow rules file generated based on an Access data macro of an uploaded Access template file. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the execution of code in the security context of the server process.
Impact
Remote code execution
Recommendation
Update vendor's patch.
IPS Category
Web threats
IPS Anomaly Group
N/A
IPS Rule Default Action
Allow
References
Keywords
N/A
Date Created
2025/01/13
Last Updated
2025/12/24
This website uses cookies to ensure you get the best experience on our website.
Learn more