9.8
CVE-2025-59872
- EPSS 0.45%
- Veröffentlicht 17.06.2026 12:32:58
- Zuletzt bearbeitet 26.06.2026 15:13:47
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability,
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the Webroot, and the server must be configured to execute the code
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltech ≫ Zie For Web Version16.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.362 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@hcl.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131549