CVE-2025-59873

MEDIUM

HCL ZIE for Web v16 - Info Disclosure

Title source: llm

Description

An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the application can hijack user sessions This issue affects ZIE for Web: v16.

References (1)

[Various Sources] https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128902

Scores

CVSS v3 5.9

EPSS 0.0001

EPSS Percentile 2.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-598

Status published

Products (1)

HCL Software/ZIE for Web v16

Published Feb 23, 2026

Tracked Since Feb 23, 2026