Knowage Server <8.1.30 JNDI Validation Flaw
CVE-2024-57971 Published on February 16, 2025

DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name.

NVD

Weakness Type

What is an Insecure Direct Object Reference Vulnerability?

The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

CVE-2024-57971 has been classified as an Insecure Direct Object Reference vulnerability or weakness.


Affected Versions

eng KNOWAGE:

Exploit Probability

EPSS: 0.04%
Percentile: 10.85%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.