Arbitrary file upload in Bmc Software Compuware Istrobe Web

CVE-2024-58298

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the '…

Vulnerability class: Unrestricted File Upload

EPSS: 0.007 (49.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References