Smartbi Access Bypass Flaw Enables Full Admin Compromise

> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.

Smartbi is a popular business intelligence (BI) platform that provides data integration, analysis, and visualization tools to help organizations make data-driven decisions.

Recently, Smartbi released a security patch addressing a serious access bypass vulnerability.

Chaitin Tech’s emergency response team analyzed the flaw and found that many internet-facing systems remain unpatched. To support defenders, harmless X-POC remote scanners and CloudWalker local detection tools have been released for public use.

Vulnerability Description

Under specific conditions, Smartbi improperly exposes user tokens.

Attackers can exploit this to obtain administrator privileges, effectively taking over the BI backend without valid authentication.

Detection Tools

X-POC Remote Detection

Command:

xpoc -r 405 -t <target URL>

Download:

• https://github.com/chaitin/xpoc
• https://stack.chaitin.com/tool/detail?id=1036

CloudWalker Local Detection

Command:

smartbi_address_authorization_bypass_vuln_scanner_windows_amd64.exe

Download:

• https://stack.chaitin.com/tool/detail?id=1209

Affected Versions

• Smartbi ≤ V10

Solutions

Temporary Mitigation

Restrict external access using network ACLs — for example, only allow connections from trusted IP ranges.

Permanent Fix

Smartbi has released an official patch, available via both online updates and offline installers:
🔗 Smartbi Patch Info

Product Support

• Yuntu: Default fingerprint recognition & PoC detection supported
• Dongjian: Supports detection via custom PoC
• SafeLine WAF: Virtual patch released to block exploitation attempts
• Quanxi: Rule updates released to detect exploitation attempts
• CloudWalker: Users on management platform 23.05.001+ can download the emergency vulnerability intel pack (EMERVULN-23.07.031) for detection. Older versions are not supported.

Timeline

• July 28 – Vulnerability reported to Chaitin Tech
• July 31 – Chaitin Emergency Lab analyzed and reproduced the issue
• Aug 1 – Chaitin Security Response Center published advisory

References

• Smartbi Official Patch Info

Join the SafeLine Community

If you continue to experience issues, feel free to contact SafeLine support for further assistance.

• GitHub Repository
• Official Docs
• Discord Community