{"vulnerability": "CVE-2024-57971", "sightings": [{"uuid": "92acafd3-fcdd-4b33-b611-950bb4b0d984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57971", "type": "seen", "source": "https://t.me/cvedetector/18180", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57971 - Knowage DataSourceResource JNDI Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-57971 \nPublished : Feb. 16, 2025, 4:15 a.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-16T07:05:19.000000Z"}, {"uuid": "d0dd4859-9f2c-446c-bdcb-7675d5faaab7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57971", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114011532176024665", "content": "", "creation_timestamp": "2025-02-16T03:52:00.710612Z"}, {"uuid": "fa834128-b25e-49db-abbf-82aa47407921", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57971", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3libeogjmwv2n", "content": "", "creation_timestamp": "2025-02-16T04:15:35.590352Z"}, {"uuid": "a85a825e-aa40-4aef-9dad-6398a4203558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57971", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114011754542458798", "content": "", "creation_timestamp": "2025-02-16T04:48:33.867039Z"}, {"uuid": "660f1d8f-5910-4789-a818-e07b5b1a75b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57971", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3libq5cg7sj2m", "content": "", "creation_timestamp": "2025-02-16T07:40:46.120232Z"}, {"uuid": "c781cd4b-f039-4f26-8bf0-bd056e9a8d6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57971", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lic6mzt3g525", "content": "", "creation_timestamp": "2025-02-16T12:00:06.801645Z"}, {"uuid": "ca84b46c-1682-42da-afd8-a023bde11546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57971", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4577", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57971\n\ud83d\udd25 CVSS Score: 8.8 (CVSS_V3)\n\ud83d\udd39 Description: DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name.\n\ud83d\udccf Published: 2025-02-16T06:31:45Z\n\ud83d\udccf Modified: 2025-02-16T06:31:45Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-57971\n2. https://github.com/KnowageLabs/Knowage-Server/commit/f7d0362f737e1b0db1cc9cc95b1236d62d83dd0c\n3. https://github.com/KnowageLabs/Knowage-Server/compare/v8.1.29...v8.1.30\n4. https://spagobi.readthedocs.io", "creation_timestamp": "2025-02-16T07:12:27.000000Z"}, {"uuid": "b62dad19-f47d-4ddd-b997-f1c1ca7ea0b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57971", "type": "seen", "source": "https://t.me/TheDarkWebInformer/12759", "content": "\ud83d\udea8Critical Security Vulnerability in DataSourceResource.java of Knowage Server affects the SpagoBI API support.\n\n\ud83c\udd94 CVE-2024-57971\n\ud83d\udca3 CVSS Score: 9.1\n\ud83d\udcc5 Published Date: 25/02/15\n\u26a0\ufe0f Details: An authenticated attacker with high privileges could manipulate JNDI resource identifiers, potentially leading to: - Unauthorized access to system resources - Data manipulation - Potential full system compromise The vulnerability has a critical CVSS score of 9.1, indicating severe risks to confidentiality, integrity, and availability.\n\nNIST: https://nvd.nist.gov/vuln/detail/CVE-2024-57971", "creation_timestamp": "2025-02-16T20:19:41.000000Z"}, {"uuid": "114a4732-5353-47b4-9c9c-1e96c8afc867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57971", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4574", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57971\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-16T04:15:23.077\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/KnowageLabs/Knowage-Server/commit/f7d0362f737e1b0db1cc9cc95b1236d62d83dd0c\n2. https://github.com/KnowageLabs/Knowage-Server/compare/v8.1.29...v8.1.30\n3. https://spagobi.readthedocs.io", "creation_timestamp": "2025-02-16T05:11:31.000000Z"}, {"uuid": "42a6e7a8-25d9-46b6-9712-0f8d5d44bd9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57971", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8341", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57971\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name.\n\ud83d\udccf Published: 2025-02-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-21T13:48:38.429Z\n\ud83d\udd17 References:\n1. https://github.com/KnowageLabs/Knowage-Server/commit/f7d0362f737e1b0db1cc9cc95b1236d62d83dd0c\n2. https://spagobi.readthedocs.io\n3. https://github.com/KnowageLabs/Knowage-Server/compare/v8.1.29...v8.1.30\n4. https://github.com/darumaseye/CVEs/blob/ec2de9f7ecffde466e687745bfdfc672e86241d7/CVE-2024-57971.md", "creation_timestamp": "2025-03-21T14:19:14.000000Z"}, {"uuid": "c44fa08d-c5d2-46d6-a423-cd5ebd8af6f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57971", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/114015180291677641", "content": "", "creation_timestamp": "2025-02-16T19:19:47.483094Z"}, {"uuid": "3621917e-1d8d-476a-b022-57ab8e27985e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57971", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lidguieorj27", "content": "", "creation_timestamp": "2025-02-17T00:00:05.813713Z"}, {"uuid": "86861ff5-3713-4d80-9cad-02e16a29b44d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57971", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:44.000000Z"}]}