CVE-2024-58298

UNKNOWN 0.0

Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute arbitrary commands by sending POST requests to the uploaded JSP endpoint.

CWE	CWE-434
Vendor	bmc software
Product	compuware istrobe web
Published	Dec 11, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for bmc software compuware istrobe web

Be the first to know when new unknown vulnerabilities affecting bmc software compuware istrobe web are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

BMC Software / Compuware iStrobe Web

20.13

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51991 bmc.com: https://www.bmc.com/ bmc.com: https://www.bmc.com/support vulncheck.com: https://www.vulncheck.com/advisories/compuware-istrobe-web-pre-auth-remote-code-execution-via-file-upload

Credits

trancap, Guest