CVE-2023-47460 is a high-severity SQL injection vulnerability identified in Knovos Discovery version 22.67.0. The vulnerability exists in the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component, which is part of the web service interface. An attacker with at least low privileges (PR:L) can remotely exploit this vulnerability without requiring user interaction (UI:N). The vulnerability allows the attacker to inject malicious SQL commands, potentially leading to arbitrary code execution on the underlying database or server. This can compromise the confidentiality, integrity, and availability of the affected system. The CVSS 3.1 base score of 8.8 reflects the high impact and relatively low complexity of exploitation, with network attack vector (AV:N), low attack complexity (AC:L), and no user interaction needed. The vulnerability is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), a common and critical web application security flaw. No patches or known exploits in the wild have been reported yet, but the risk remains significant due to the potential for remote code execution and the critical nature of the affected component.

For European organizations using Knovos Discovery 22.67.0, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to sensitive legal or discovery data, data corruption, or full system compromise. Given that Knovos Discovery is often used in legal and compliance contexts, a breach could result in severe regulatory penalties under GDPR due to data exposure or loss of data integrity. The ability to execute arbitrary code remotely increases the risk of lateral movement within networks, potentially affecting other critical systems. The lack of required user interaction means attacks can be automated and launched at scale, increasing the threat surface. Additionally, disruption of discovery processes could impact legal proceedings and business operations, causing reputational damage and financial losses.

Organizations should immediately identify any deployments of Knovos Discovery version 22.67.0 and isolate affected systems from untrusted networks. Since no official patch is currently available, implement strict network-level controls such as firewall rules to restrict access to the /DiscoveryProcess/Service/Admin.svc endpoint to trusted administrators only. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting this service. Conduct thorough input validation and sanitization on all user inputs interacting with the affected component, if possible through configuration or custom code. Monitor logs for suspicious SQL queries or unusual access patterns. Engage with the vendor for updates and patches, and plan for rapid deployment once available. Additionally, perform regular backups of critical data and test incident response plans to quickly contain and remediate potential breaches.