CVE-2022-44755

Опубликовано: 19 дек. 2022

Источник: nvd

CVSS3: 9.8

CVSS3: 7.8

EPSS Низкий

Описание

HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM.

Ссылки

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
Third Party Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp10if10:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp10if8:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp1if1:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp1if2:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp2if1:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp2if2:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp2if3:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp2if4:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp3if1:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp3if2:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp3if3:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp3if4:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp4if1:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp4if2:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp5if1:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp5if2:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp5if3:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp7if1:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp7if2:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp8if1:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp9if1:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:9.0.1:fp9if2:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:10.0.1:-:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:10.0.1:fp6:*:*:*:*:*:*

cpe:2.3:a:hcltech:notes:10.0.1:fp7:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03926

Низкий

9.8 Critical

CVSS3

7.8 High

CVSS3

Дефекты

CWE-787

Связанные уязвимости

GHSA-78jw-247w-7prv

CVSS3: 7.8

github

около 3 лет назад

IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.

EPSS

Процентиль: 88%

0.03926

Низкий

9.8 Critical

CVSS3

7.8 High

CVSS3

Дефекты

CWE-787