Vulnerability Database

314,433

Total vulnerabilities in the database

CVE-2024-58298

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute arbitrary commands by sending POST requests to the uploaded JSP endpoint.

Published: Dec 11, 2025
Updated: Dec 14, 2025
CVE: CVE-2024-58298
Exploit:

No technical information available.

CWEs:

CWE-434

Affected Software
References

No affected software listed.

https://www.bmc.com/
https://www.bmc.com/support
https://www.exploit-db.com/exploits/51991
https://www.vulncheck.com/advisories/compuware-istrobe-web-pre-auth-remote-code-execution-via-file-upload

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo