PT-2025-50752 · Compuware · Compuware Istrobe Web Version 20.13
Published: 2025-12-11 · Updated: 2025-12-11
CVE-2024-58298
CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Compuware iStrobe Web version 20.13
Description
The software contains a pre-authentication remote code execution issue. Unauthenticated attackers can upload malicious JSP files through a path traversal flaw in the file upload form. Exploitation involves sending POST requests to the uploaded JSP endpoint, utilizing the fileName parameter to upload a web shell and execute arbitrary commands.
Recommendations
Apply updates to address the path traversal issue in the file upload form.
Restrict access to the file upload functionality.
Monitor network traffic for suspicious POST requests targeting the JSP endpoint.
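One way to implement the monitoring recommendation, as an added example that is not part of the advisory or the vendor's code: it checks the fileName parameter of POST requests for traversal and server-executable extensions, then flags later POSTs to a .jsp path from the same client. The record shape (src, method, path, params), the paths, the addresses and the extension list are assumptions.

```python
import posixpath
from urllib.parse import unquote
# Assumption: extensions a Java servlet container may execute; adjust per deployment.
EXECUTABLE_EXT = {".jsp", ".jspx", ".jspf", ".war"}

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e%252e) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def filename_findings(file_name):
    """Return the reasons a fileName value is suspicious (empty list means clean)."""
    name = decode_fully(file_name).replace("\\", "/")
    reasons = []
    if "\x00" in name:
        reasons.append("null-byte")
    if name.startswith("/") or name[1:2] == ":":
        reasons.append("absolute-path")
    if ".." in name.split("/"):
        reasons.append("traversal")
    # Extension check ignores anything after a null byte and trailing dots/spaces.
    ext = posixpath.splitext(name.split("\x00")[0].rstrip(". "))[1].lower()
    if ext in EXECUTABLE_EXT:
        reasons.append("executable-extension")
    return reasons

def scan(requests):
    """Flag POSTs with a suspicious fileName, then POSTs to a .jsp path by the same client."""
    alerts, flagged = [], set()
    for r in requests:
        if r["method"] != "POST":
            continue
        reasons = filename_findings(r["params"].get("fileName", ""))
        if reasons:
            flagged.add(r["src"])
            alerts.append((r["src"], r["path"], reasons))
        elif r["src"] in flagged and r["path"].lower().endswith(".jsp"):
            alerts.append((r["src"], r["path"], ["post-to-jsp-after-upload"]))
    return alerts
# Constructed sample records; paths and addresses are placeholders, not from the advisory.
SAMPLE = [
    {"src": "198.51.100.7", "method": "POST", "path": "/upload-placeholder", "params": {"fileName": "report.csv"}},
    {"src": "203.0.113.9", "method": "POST", "path": "/upload-placeholder", "params": {"fileName": "%2e%2e%2f%2e%2e%2fplaceholder.jsp"}},
    {"src": "203.0.113.9", "method": "POST", "path": "/placeholder.jsp", "params": {}},
    {"src": "198.51.100.7", "method": "POST", "path": "/login.jsp", "params": {}},
]
```

Calling scan(SAMPLE) returns two alerts, both for the second client; the same filename_findings check can be applied server-side to reject an upload before it is written.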
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Compuware Istrobe Web Version 20.13