CodeNewbie Community 🌱

Sharon428931

0day Alert: Smartbi Remote Code Execution (RCE) Fixed

> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.

Introduction

Smartbi is a business intelligence platform that helps organizations integrate, analyze, and visualize data for decision-making.

Recently, security researchers from Chaitin Tech discovered and reported a Remote Code Execution (RCE) vulnerability in Smartbi.

The flaw stems from a logic bypass that allows attackers to execute arbitrary code on the server without authentication. Unfortunately, many instances exposed on the internet remain unpatched.

To help defenders, we’ve released two free detection tools:

  • X-POC for remote proof-of-concept testing
  • CloudWalker for local harmless scanning

Both are now publicly available.


Vulnerability Description

The issue allows an attacker to directly call backend APIs without authentication and execute crafted payloads. This could lead to full system compromise, including remote command execution.


Detection Tools

1. X-POC Remote Detection Tool

Run the following command to check your target:

./xpoc -r 399 -t http://xpoc.org

Download here:


2. CloudWalker Local Detection Tool

Run locally for harmless scanning:

smartbi_remote_code_execution_vuln_scanner_windows_amd64.exe

Download here:


Affected Versions

  • Smartbi v8 (some versions)
  • Smartbi v9, v10 (all versions)

Mitigation & Fix

Temporary Workarounds

  • Deploy a WAF such as SafeLine or Quanxi; both natively block exploitation attempts without extra configuration.
  • Restrict external access: avoid exposing Smartbi services directly to the public internet.

Permanent Fix

Smartbi has released official patch packages (supporting both online and offline installation).
Download here: Smartbi Patch Info


Product Support

  • Yuntu: Fingerprint recognition + PoC-based detection supported
  • Dongjian: Supports custom PoC detection for this vuln
  • SafeLine WAF: Natively detects and blocks exploitation attempts
  • Quanxi: Default support for this vulnerability
  • CloudWalker: Users with platform version ≥ 23.05.001 can update via the EMERVULN-23.06.011 package for full detection support

Timeline

  • May 17: Vulnerability discovered by Chaitin researchers
  • May 19: Reported to regulatory authority
  • July 3: Official vendor patch released
  • July 3: Public advisory issued by Chaitin Tech

Conclusion

The Smartbi RCE vulnerability highlights the critical importance of patching business-critical applications quickly.
If you’re running Smartbi, update immediately and, in the meantime, use SafeLine WAF or a similar solution to block exploitation attempts in the wild.


Join the SafeLine Community

If you continue to experience issues, feel free to contact SafeLine support for further assistance.
