CVE-2023-7305
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-11-07
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| smartbi | smartbi | 8 |
| smartbi | smartbi | 10 |
| smartbi | smartbi | 9 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-7305 is a critical vulnerability in SmartBI versions 8, 9, and 10 that allows attackers to upload files without proper restrictions via the RMIServlet endpoint. This flaw enables attackers to send specially crafted requests that bypass authentication and invoke arbitrary Java methods on the server, potentially leading to remote code execution (RCE). The vulnerability arises from insufficient validation in the request handling logic, specifically in the authentication checks and the dynamic invocation of service module methods, allowing attackers to execute sensitive operations or arbitrary code remotely. [3, 4]
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized remote code execution on the host running SmartBI, allowing attackers to perform sensitive operations, compromise data confidentiality, integrity, and availability. It can lead to full system compromise, data breaches, and disruption of business intelligence services. The vulnerability has been actively exploited by the Rondo botnet, increasing the risk to affected systems. [3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and testing the /smartbi/vision/RMIServlet endpoint for unauthorized or specially crafted POST requests that invoke arbitrary class methods without proper authentication. A detection approach involves sending crafted POST requests targeting the RMIServlet with parameters such as className, methodName, and params to check whether the server executes them without authentication. For example, a test command using curl could be: `curl -X POST http://<target>/smartbi/vision/RMIServlet -d "className=UserService&methodName=isLogged&params=[]"`. If the response indicates successful invocation without authentication, the system is vulnerable. Additionally, monitoring network traffic for unusual POST requests to this endpoint or unexpected method invocations can help detect exploitation attempts. [4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the official patch released by the vendor in July 2023 that fixes the unrestricted file upload and authentication bypass issues in the RMIServlet. If patching is not immediately possible, restrict access to the /smartbi/vision/RMIServlet endpoint via network controls such as firewall rules or web application firewall (WAF) rules to block unauthorized or suspicious requests. Additionally, monitor for exploitation attempts, disable or limit the use of vulnerable Smartbi versions (V8, V9, V10), and consider deploying intrusion detection systems to alert on suspicious activity targeting this endpoint. [3, 4]
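As an added illustration of the detection and interim network-control advice in the two answers above (example code written for this page, not code from BaseFortify, VulnCheck or the Smartbi project), the Python below scans constructed access-log lines for requests to the /smartbi/vision/RMIServlet path, flags POST bodies that carry the className/methodName parameters the advisory describes, tallies hits per source address, and models the allow-list decision a proxy or WAF rule would take while the patch is pending. The log layout (combined format plus one quoted field holding the request body), the sample addresses and the 10.0.0.0/8 allow-list are assumptions of the example.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, unquote

# Path of the endpoint named in the advisory, compared case-insensitively.
RMI_PATH = "/smartbi/vision/rmiservlet"

# Assumed log layout: Apache/nginx "combined" prefix followed by one extra
# quoted field holding the POST body, as a reverse proxy or WAF can be told
# to record it. This layout is an assumption of the example, not Smartbi's.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<body>[^"]*)"'
)

# Constructed sample lines; the addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Oct/2025:10:01:02 +0000] "POST /smartbi/vision/RMIServlet HTTP/1.1" 200 512 "className=UserService&methodName=isLogged&params=[]"
10.0.0.7 - - [15/Oct/2025:10:01:05 +0000] "GET /smartbi/vision/index.jsp HTTP/1.1" 200 2048 "-"
198.51.100.9 - - [15/Oct/2025:10:02:11 +0000] "POST /smartbi/vision/RMI%53ervlet HTTP/1.1" 200 340 "className=UserService&methodName=isLogged&params=[]"
10.0.0.7 - - [15/Oct/2025:10:03:40 +0000] "POST /smartbi/vision/RMIServlet HTTP/1.1" 200 90 "-"
203.0.113.5 - - [15/Oct/2025:10:04:00 +0000] "GET /smartbi/vision/RMIServlet?x=1 HTTP/1.1" 405 0 "-"
"""


def normalise_path(path):
    """Drop the query string, percent-decode twice (catches double encoding)
    and lower-case, so obfuscated spellings of the endpoint still match."""
    path = path.split("?", 1)[0]
    return unquote(unquote(path)).lower()


def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return a finding label for one parsed entry, or None if it is benign."""
    if normalise_path(entry["path"]) != RMI_PATH:
        return None
    if entry["method"].upper() != "POST":
        return "rmiservlet_access"       # endpoint touched, no invocation seen
    params = parse_qs(entry["body"])
    if "className" in params and "methodName" in params:
        return "rmi_method_invocation"   # the request pattern the advisory describes
    return "rmiservlet_post"             # POST to the endpoint, body not captured


def find_suspicious(log_text):
    """Parse every line, keep those that touch RMIServlet, attach details."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        if label is None:
            continue
        params = parse_qs(entry["body"])
        findings.append({
            "ip": entry["ip"],
            "method": entry["method"],
            "path": normalise_path(entry["path"]),
            "severity": label,
            "class_name": params.get("className", [None])[0],
            "method_name": params.get("methodName", [None])[0],
        })
    return findings


def count_by_source(findings):
    """Hits per client address, a quick way to spot scanning sources."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


# Assumed allow-list for the interim network control: only these sources may
# reach the RMIServlet path at all. The range is a placeholder for the example.
ALLOWED_SOURCES = [ip_network("10.0.0.0/8")]


def should_block(client_ip, path):
    """Decision a front-end proxy or WAF rule would take: block every request
    to the RMIServlet path unless the client is on the allow-list."""
    if normalise_path(path) != RMI_PATH:
        return False
    ip = ip_address(client_ip)
    return not any(ip in net for net in ALLOWED_SOURCES)


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(count_by_source(hits))
```

The path is percent-decoded and lower-cased before comparison so that an encoded spelling of RMIServlet is not missed, and the strongest label is only assigned when the proxy actually records the request body; where bodies are not logged, the weaker "POST to the endpoint" signal is all that remains, which is why the allow-list rule in should_block, applied at the proxy in front of Smartbi, is the more reliable interim control.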