CVE-2024-57971
CRITICAL
KNOWAGE < 8.1.30 - Resource Injection via JNDI Name Manipulation
Title source: llmDescription
DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name.
References (4)
Core References
Various Sources
https://spagobi.readthedocs.io
Scores
CVSS v3: 9.1
EPSS: 0.0067
EPSS Percentile: 47.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-99
Status: published
Products (1)
eng/KNOWAGE < 8.1.30
Published: Feb 16, 2025
Tracked Since: Feb 18, 2026