Lucene search

[email protected]NVD:CVE-2024-7314

HistoryAug 02, 2024 - 5:16 p.m.

CVE-2024-7314

2024-08-0217:16:41

CWE-280

[email protected]

web.nvd.nist.gov

anji-plus

aj-report

authentication bypass

http requests

remote attacker

unauthenticated

arbitrary java

victim server

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.1%

JSON

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append “;swagger-ui” to HTTP requests to bypass authentication and execute arbitrary Java on the victim server.

Affected configurations

Nvd

Node

anji-plusreportRange<1.4.1

VendorProductVersionCPE
anji-plusreport*cpe:2.3:a:anji-plus:report:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
anji-plus	report	*	cpe:2.3:a:anji-plus:report::::::::

References

gitee.com/anji-plus/report/pulls/166/files

github.com/vulhub/vulhub/tree/master/aj-report/CNVD-2024-15077

github.com/yuebusao/AJ-REPORT-EXPLOIT

vulncheck.com/advisories/aj-report-swagger

xz.aliyun.com/t/14460

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.1%

JSON

Related for NVD:CVE-2024-7314

vulnrichment1 cvelist1 cve1