> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
Smartbi is a popular business intelligence (BI) platform that provides data integration, analysis, and visualization tools to help organizations make data-driven decisions.
Recently, Smartbi released a security patch addressing a serious access bypass vulnerability.
Chaitin Techβs emergency response team analyzed the flaw and found that many internet-facing systems remain unpatched. To support defenders, harmless X-POC remote scanners and CloudWalker local detection tools have been released for public use.
Vulnerability Description
Under specific conditions, Smartbi improperly exposes user tokens.
Attackers can exploit this to obtain administrator privileges, effectively taking over the BI backend without valid authentication.
Detection Tools
X-POC Remote Detection
Command:
xpoc -r 405 -t <target URL>
Download:
CloudWalker Local Detection
Command:
smartbi_address_authorization_bypass_vuln_scanner_windows_amd64.exe
Download:
Affected Versions
- Smartbi β€ V10
Solutions
Temporary Mitigation
Restrict external access using network ACLs β for example, only allow connections from trusted IP ranges.
Permanent Fix
Smartbi has released an official patch, available via both online updates and offline installers:
π Smartbi Patch Info
Product Support
- Yuntu: Default fingerprint recognition & PoC detection supported
- Dongjian: Supports detection via custom PoC
- SafeLine WAF: Virtual patch released to block exploitation attempts
- Quanxi: Rule updates released to detect exploitation attempts
-
CloudWalker: Users on management platform
23.05.001+
can download the emergency vulnerability intel pack (EMERVULN-23.07.031) for detection. Older versions are not supported.
Timeline
- July 28 β Vulnerability reported to Chaitin Tech
- July 31 β Chaitin Emergency Lab analyzed and reproduced the issue
- Aug 1 β Chaitin Security Response Center published advisory
References
Join the SafeLine Community
If you continue to experience issues, feel free to contact SafeLine support for further assistance.
Top comments (0)