CVE-2022-44754

Опубликовано: 19 дек. 2022

Источник: nvd

CVSS3: 9.8

CVSS3: 7.8

EPSS Низкий

Описание

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. This vulnerability applies to software previously licensed by IBM.

Ссылки

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
Third Party Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_5:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*

cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03926

Низкий

9.8 Critical

CVSS3

7.8 High

CVSS3

Дефекты

CWE-787

Связанные уязвимости

GHSA-x3vq-hc76-j6fw

CVSS3: 7.8

github

около 3 лет назад

IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.

EPSS

Процентиль: 88%

0.03926

Низкий

9.8 Critical

CVSS3

7.8 High

CVSS3

Дефекты

CWE-787