
ZIE for Web Transmits Sensitive User Session Info in URLs

CVE-2025-59873
Summary

ZIE for Web version 16 transmits session tokens and authentication identifiers in URL query parameters. An attacker who can read network logs, or who operates a website linked from the application, can obtain these tokens and hijack user sessions. This could lead to unauthorized access to sensitive user data. To protect against this, ensure that sensitive information is not transmitted in URLs.

Original title
An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query p...
Original description
An information exposure vulnerability exists in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters. An attacker who gains access to any network log or operates a site linked from the application can hijack user sessions.

This issue affects ZIE for Web: v16.
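The exposure described above can be checked for in existing web or proxy logs. The following is an added example, not code from HCL or from this advisory: it scans Combined Log Format lines for session-like query parameters in both the request URL and the Referer field and produces redacted copies. The parameter-name patterns and the sample log lines are assumptions constructed for illustration, since the advisory does not name the parameters ZIE for Web uses.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed name patterns; the advisory does not list the real parameter names.
SENSITIVE = re.compile(r"sess|token|auth|ticket|^sid$", re.I)

# Combined Log Format: prefix, request line, status, size, referer, user agent.
LINE = re.compile(
    r'^(?P<pre>\S+ \S+ \S+ \[[^\]]+\] ")(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation addresses and placeholder hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Mar/2026:10:00:01 +0000] "GET /app/start?sessionToken=abc123&lang=en HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [06/Mar/2026:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "https://portal.example/app/view?authId=u42&page=2" "Mozilla/5.0"',
    '192.0.2.12 - - [06/Mar/2026:10:00:09 +0000] "GET /static/logo.png?v=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def redact_url(url):
    """Return (redacted_url, names of sensitive query parameters found)."""
    parts = urlsplit(url)
    hits, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if SENSITIVE.search(name) and value:
            hits.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not hits:
        return url, hits  # leave untouched URLs byte-for-byte identical
    return urlunsplit(parts._replace(query=urlencode(pairs))), hits

def scan(lines):
    """Return one finding per log line that exposes a sensitive parameter."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        url, url_hits = redact_url(m["url"])
        ref, ref_hits = redact_url(m["referer"])
        if url_hits or ref_hits:
            clean = (f'{m["pre"]}{m["method"]} {url} {m["proto"]}" {m["status"]} '
                     f'{m["size"]} "{ref}" "{m["ua"]}"')
            findings.append({"line": no, "request": url_hits,
                             "referer": ref_hits, "redacted": clean})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["line"], f["request"], f["referer"], f["redacted"], sep=" | ")
```

A hit in the `referer` field on another site's log is the "linked website" path from the description; tokens found this way should be treated as exposed and the affected sessions invalidated.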
NVD CVSS 3.1: 5.9
Vulnerability type
CWE-598
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026