What is CVE-2024-57971?

CVE-2024-57971 is a critical-severity vulnerability in Eng Knowage, classified under Resource Injection. CVSS score: 9.1/10. Published 2025-02-16.

How severe is CVE-2024-57971?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Eng Knowage

CVE-2024-57971

DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name.

EPSS: 0.000 (10.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Eng Knowage — versions 0

Weakness classification (CWE)

CWE-99 — Resource Injection

References

github.com/KnowageLabs/Knowage-Server/commit/f7d0362f737e1b0db1cc9cc95b1236d62d…
spagobi.readthedocs.io
github.com/KnowageLabs/Knowage-Server/compare/v8.1.29...v8.1.30
github.com/darumaseye/CVEs/blob/ec2de9f7ecffde466e687745bfdfc672e86241d7/CVE-20…

Frequently asked questions

What is CVE-2024-57971?: CVE-2024-57971 is a critical-severity vulnerability in Eng Knowage, classified under Resource Injection. CVSS score: 9.1/10. Published 2025-02-16.
How severe is CVE-2024-57971?: Critical severity. CVSS v3 base score is 9.1 out of 10.