Arbitrary file upload in BMC Software Compuware iStrobe Web
CVE-2024-58298
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the '…
Vulnerability class: Unrestricted File Upload
EPSS: 0.007 (49.3th percentile)
Affected products
- BMC Software Compuware iStrobe Web: version 20.13
Weakness classification (CWE)