Cyber Resilience

CVE-2024-7314

CriticalPublic PoC

Published: 02 August 2024

Published
02 August 2024
Modified
20 November 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.7458 98.9th percentile
Risk Priority 64 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-7314 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Anji-Plus Report. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 1.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

anji-plus AJ-Report contains an authentication bypass vulnerability tracked as CVE-2024-7314. The flaw allows a remote attacker to append the string ";swagger-ui" to HTTP requests, which circumvents authentication controls and permits execution of arbitrary Java code on the server. The issue carries a CVSS 3.1 score of 9.8 and is associated with CWE-288.

A remote unauthenticated attacker can exploit the weakness over the network without user interaction to gain full control of the affected AJ-Report instance, including the ability to read, modify, or delete data and execute operating-system commands. The same technique has been packaged in public proof-of-concept code.

Exploitation of the vulnerability was observed in the wild by the Shadowserver Foundation on 2025-02-05 UTC. The EPSS score reached a peak of 0.7458 and remains at that level, indicating sustained exploitation interest after disclosure.

EU & UK References

Vulnerability details

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on…

more

2025-02-05 UTC.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2024-7314 is an authentication bypass in a public-facing web application (anji-plus AJ-Report) that allows unauthenticated remote attackers to append ';swagger-ui' to requests, gaining access to execute arbitrary Java code (RCE), directly enabling exploitation of public-facing applications.

Affected Assets

anji-plus
report
≤ 1.4.1

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-288

Authorizing remote access reduces the ability to bypass authentication via unauthorized alternate remote channels.

addresses: CWE-288

Users can identify logons via alternate paths or channels by reviewing the previous logon time.

addresses: CWE-288

Adaptive requirements can apply across access paths, reducing the ability to bypass authentication via alternate channels or paths.

addresses: CWE-288

Centralized IdPs close alternate authentication paths that enable bypass.

addresses: CWE-288

Enforces authentication for non-organizational users, making it harder to bypass via alternate paths or channels.

addresses: CWE-288

Requires authentication to occur exclusively over the isolated trusted path, directly preventing bypass via alternate or untrusted channels.

References