anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 25 Sep 2025 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-280

Thu, 25 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-288

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.79351}

epss

{'score': 0.84565}


Tue, 17 Sep 2024 16:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other

Wed, 07 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Anji-plus
Anji-plus report
CPEs cpe:2.3:a:anji-plus:report:*:*:*:*:*:*:*:*
Vendors & Products Anji-plus
Anji-plus report
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2025-09-25T18:25:29.543Z

Reserved: 2024-07-30T20:15:25.496Z

Link: CVE-2024-7314

cve-icon Vulnrichment

Updated: 2024-08-07T15:51:18.034Z

cve-icon NVD

Status : Modified

Published: 2024-08-02T17:16:41.400

Modified: 2025-09-25T19:15:42.040

Link: CVE-2024-7314

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.