GobyVuls/Smartbi DB2 JDBC Arbitrary Code Execution Vulnerability.md at 360451c7a8ffb1a2b15f8edeaf183ece7c080d3c - GobyVuls - 临风笛

admin/GobyVuls

mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-06 10:41:40 +00:00

Goby 65771f74e8

Create Smartbi DB2 JDBC Arbitrary Code Execution Vulnerability.md

2023-03-30 19:34:21 +08:00

1.1 KiB

Raw Blame History

Smartbi DB2 JDBC Arbitrary Code Execution Vulnerability

Vulnerability	Smartbi DB2 JDBC Arbitrary Code Execution Vulnerability
Chinese name	Smartbi DB2 JDBC 任意代码执行漏洞
CVSS core	9.8
FOFA Query (click to view the results directly)	[(body="gcfutil = jsloader.resolve('smartbi.gcf.gcfutil')")
Number of assets affected	291
Description	Smartbi is a business intelligence BI software launched by Smart Software, which meets the development stage of BI products.
Impact	There is an unauthorized access background interface vulnerability between Smartbi V7 and V10.5.8. Combining DB2 JDBC exploitation and bypassing defense checks can lead to JNDI injection vulnerabilities, executing arbitrary code, and obtaining server privileges.