{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T04:47:30.232","vulnerabilities":[{"cve":{"id":"CVE-2025-59873","sourceIdentifier":"psirt@hcl.com","published":"2026-02-23T11:16:21.080","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An information exposure vulnerability exists in\n\nVulnerability in HCL Software ZIE for Web.\n\nThe application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the application can hijack user sessions\n\nThis issue affects ZIE for Web: v16."},{"lang":"es","value":"Hay una vulnerabilidad de exposición de información en HCL Software ZIE for Web.\n\nLa aplicación transmite tokens de sesión sensibles e identificadores de autenticación dentro de los parámetros de consulta de la URL. Un atacante que obtiene acceso a cualquier registro de red o que opera un sitio enlazado desde la aplicación puede secuestrar sesiones de usuario.\n\nEste problema afecta a ZIE for Web: v16."}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-598"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128902","source":"psirt@hcl.com"}]}}]}