Vulnerability Description
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute arbitrary commands by sending POST requests to the uploaded JSP endpoint.
Related Weaknesses (CWE)
References
- https://www.bmc.com/
- https://www.bmc.com/support
- https://www.exploit-db.com/exploits/51991
- https://www.vulncheck.com/advisories/compuware-istrobe-web-pre-auth-remote-code-
FAQ
What is CVE-2024-58298?
CVE-2024-58298 is a documented vulnerability. Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file u...
How severe is CVE-2024-58298?
CVSS scoring is not yet available for CVE-2024-58298. Check NVD for updates.
Is there a patch for CVE-2024-58298?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.