Lucene search
VulnCheckCVE-2024-7314HistoryAug 02, 2024 - 5:16 p.m.
CVE-2024-7314
2024-08-0217:16:41
CWE-280
VulnCheck
web.nvd.nist.gov
13
anji-plus aj-report
authentication bypass
vulnerability
http requests
java
remote attacker
unauthenticated
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.001
Percentile
31.1%
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append “;swagger-ui” to HTTP requests to bypass authentication and execute arbitrary Java on the victim server.
Affected configurations
Node
anji-plusreportRange<1.4.1
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "AJ-Report",
"vendor": "anji-plus",
"versions": [
{
"lessThan": "1.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-7314 anji-plus AJ-Report Authentication Bypass
2024-08-02 16:33:54
nvd
nvd
CVE-2024-7314
2024-08-02 17:16:41
cvelist
cvelist
CVE-2024-7314 anji-plus AJ-Report Authentication Bypass
2024-08-02 16:33:54
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.001
Percentile
31.1%
Related for CVE-2024-7314