anji-plus AJ-Report Auth Bypass via Swagger-UI Param
CVE-2024-7314 Published on August 2, 2024

anji-plus AJ-Report Authentication Bypass
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

NVD

Vulnerability Analysis

CVE-2024-7314 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. An automatable proof of concept (POC) exploit exists. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.


Products Associated with CVE-2024-7314

stack.watch emails you whenever new vulnerabilities are published in Anji Plus Report or Anji Plus Aj Report. Just hit a watch button to start following.

Anji Plus Report
 
Anji Plus Aj Report
 

Affected Versions

anji-plus AJ-Report: anji-plus report:

Exploit Probability

EPSS
74.58%
Percentile
98.88%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.