CVE-2024-7314

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

70.1%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

Technical Details

Published
8/2/2024

Frequently Asked Questions

What is CVE-2024-7314?

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

Is CVE-2024-7314 actively exploited?

Active exploitation of CVE-2024-7314 has not been confirmed. The EPSS score is 70.1%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-7314?

CVE-2024-7314 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2024-7314 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.