CVE-2023-47460

Name of the Vulnerable Software and Affected Versions Knovos Discovery version 22.67.0

Description A SQL injection issue allows a remote attacker to execute arbitrary code via the "/DiscoveryProcess/Service/Admin.svc/getGridColumnStructure" component. This enables the attacker to potentially access and manipulate sensitive data.

Recommendations For Knovos Discovery version 22.67.0, consider restricting access to the "/DiscoveryProcess/Service/Admin.svc/getGridColumnStructure" component until a patch is available. As a temporary workaround, avoid using this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.