CNVD-2024-15077 Scanner

AJ-Report is an open-source data visualization platform extensively used by organizations to represent data insights in a big screen format. Developed by Anji-Plus, it allows users to create comprehensive reports and dashboards with ease. The software is typically utilized in environments where real-time data monitoring is crucial such as enterprise settings, financial institutions, and educational environments. AJ-Report facilitates seamless data reporting and visualization, making it integral for decision-makers and analysts. Its flexibility and open-source nature allow for substantial customization, which is highly valued by developers. This platform is a key asset for businesses aiming to optimize their data-driven strategies.

Remote Code Execution (RCE) vulnerabilities enable attackers to execute arbitrary code on a remote system. When these vulnerabilities exist, malicious actors can manipulate inputs to trigger the execution of unauthorized commands. Such weaknesses are critical because they permit attackers not just to breach security controls, but also to completely take over affected systems. RCE exploits often occur via parameters that are insufficiently sanitized, leading to severe security breaches. Typically, RCE vulnerabilities can be exploited through specially crafted input data, HTTP requests, or dynamic content captures. Mitigating these vulnerabilities requires diligent input validation and strict access controls to prevent unauthorized command execution.

In the AJ-Report platform, the vulnerability is found in the `validationRules` parameter, which is exploited using the POST method. The attacker can send malicious Java code within this parameter to a specific endpoint to initiate the execution. This typically involves leveraging Java's `ProcessBuilder` to execute system commands and retrieve sensitive information. The vulnerability lies in the failure to properly validate and sanitize the inputs received by this parameter. The implementation permits the inclusion of unauthorized scripts, leading up to a critical breach. Consequently, attacks exploiting this could lead to complete system compromise depending on the permissions held by the executing process.

Exploitation of the identified Remote Code Execution vulnerability can allow attackers unauthorized access and control over the system. Attackers could leverage this to gain server permissions, deface data screens, or perform disruptive activities. This unchecked command execution could facilitate data theft, introduction of malware, or be part of larger lateral attacks within an enterprise network. Systems could be leveraged for illicit mining, distributed denial of service attacks, or as part of a botnet. Moreover, such exploitations undermining the system's integrity could lead to reputational damage and significant financial losses. Immediate remediation is imperative to prevent such security breaches and to protect confidential assets.

REFERENCES

• https://github.com/wy876/POC/blob/main/AJ-Report%E5%BC%80%E6%BA%90%E6%95%B0%E6%8D%AE%E5%A4%A7%E5%B1%8F%E5%AD%98%E5%9C%A8%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
• https://github.com/vulhub/vulhub/blob/master/aj-report/CNVD-2024-15077/README.md