QwikSec

Security Database

CVE

CWE

Training

CVE-2024-58298

Published: Dec 11, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute arbitrary commands by sending POST requests to the uploaded JSP endpoint.

Vendor	Product	Versions
BMC Software	Compuware iStrobe Web	affected `20.13`

Weaknesses (CWE)

References

ExploitDB-51991

exploit

BMC Compuware iStrobe Web Homepage

BMC Compuware iStrobe Web Support Page

product

https://www.vulncheck.com/advisories/compuware-istrobe-web-pre-auth-remote-code-execution-via-file-upload

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.