cvelistv5 - cve-2022-44755

CVE-2022-44755 (GCVE-0-2022-44755)

Vulnerability from cvelistv5 – Published: 2022-12-17 01:57 – Updated: 2025-04-17 14:31

Summary

HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

HCL

References

URL

Tags

https://support.hcltechsw.com/csm?id=kb_article&s…

Impacted products

	Vendor	Product	Version
	HCL Software	Notes	Affected: 9, 10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:01:31.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-44755",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T14:31:22.656586Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T14:31:34.058Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Notes",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "9, 10"
            }
          ]
        }
      ],
      "datePublic": "2022-12-16T23:41:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView.  This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. \u0026nbsp;This vulnerability applies to software previously licensed by IBM.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView.  This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-05T05:58:57.684Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2022-44755",
    "datePublished": "2022-12-17T01:57:45.446Z",
    "dateReserved": "2022-11-04T21:08:23.515Z",
    "dateUpdated": "2025-04-17T14:31:34.058Z",
    "requesterUserId": "c5fdcef9-195e-4b4c-a893-a114640ac0a4",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"978E309F-453B-4D9D-8D15-5A6919E8D178\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C984E7E-ADF7-4F52-9CE1-A6F1E05A4140\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAD49650-9091-4706-9CAF-51BABDFB94CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp10if10:*:*:*:*:*:*\", \"matchCriteriaId\": \"4315DC11-745E-4518-9F7E-5D09FB360DE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CE02BCC-5280-4065-8CD9-0BC2A2821335\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF1C4C44-7B5E-4405-9F49-B85957E88760\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CAA8D2D-7A27-49B5-87D2-740E6EB286A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5778563-769B-40A2-8830-E64A5F18CE3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B69E327-0C81-4233-9791-DD50F66E9293\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*\", \"matchCriteriaId\": \"331AD3B5-8D54-469A-873C-73AF93BC35DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp10if8:*:*:*:*:*:*\", \"matchCriteriaId\": \"E492968F-C1CC-4383-8393-EDB0DDA174C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp1if1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C8AF686-0BD4-4961-B924-481E328F67B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp1if2:*:*:*:*:*:*\", \"matchCriteriaId\": \"E035716B-05DD-4948-BD13-77F9CDA135E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp2if1:*:*:*:*:*:*\", \"matchCriteriaId\": \"35A89BAC-438D-4A9E-8FCD-B0D4CD03ED23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp2if2:*:*:*:*:*:*\", \"matchCriteriaId\": \"98498BC3-0A35-446A-8BDC-562EF02E037E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp2if3:*:*:*:*:*:*\", \"matchCriteriaId\": \"D78AA096-1E76-4B24-B17D-9796E49B0D0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp2if4:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB478F5B-E6C1-48B2-A0AB-25790E26272A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp3if1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8041656D-55C6-4932-AA1F-77D9B1A22C80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp3if2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2266AD0F-D804-4BFC-B8E9-050F6AE6C9AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp3if3:*:*:*:*:*:*\", \"matchCriteriaId\": \"750709DB-28CC-49B2-98E4-0C4167705487\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp3if4:*:*:*:*:*:*\", \"matchCriteriaId\": \"96AD0DB0-75C7-4B2C-845C-AC7DE89A8F1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp4if1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2815AB94-D387-4057-AAE9-39336CC4D871\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp4if2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D19D5B99-E0BA-4E22-BA16-762114EFC89B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp5if1:*:*:*:*:*:*\", \"matchCriteriaId\": \"676D3DC9-FAE5-4E46-857B-B3AC5DCD70F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp5if2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BA224FC-B056-45F2-BF74-8B39F44FE522\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp5if3:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3F6F4DA-EC68-42C2-93A1-99DBAC00F63B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp7if1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CB80E9D-E53D-4461-A71B-61A1615E9422\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp7if2:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C65A591-435C-40D0-8512-AE3304AA948B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp8if1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B3F9411-8D5B-43E5-9DA9-E0C615ED7557\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp9if1:*:*:*:*:*:*\", \"matchCriteriaId\": \"76E45481-36F9-4522-91A4-4D3FD9F6AB6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:9.0.1:fp9if2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A177BC67-EBE8-4487-BC45-D42ED6AFA3B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:10.0.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"847B0ACB-6B84-4D45-B30F-A930A226E14D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E36EE406-5355-422B-B1AE-6349DCDBF872\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFA1279C-D6E4-47D4-9D40-F39EC9C31E12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F0771C5-5F44-4563-BEFF-0DCEABE5452A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"980BB9E6-810B-4288-8667-0291BFFDCB9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BECE3D7-F8C4-4065-8CCC-E9CF70CD6943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:10.0.1:fp6:*:*:*:*:*:*\", \"matchCriteriaId\": \"96B957B0-AF4B-4E9E-8DB7-7B938C115B13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:notes:10.0.1:fp7:*:*:*:*:*:*\", \"matchCriteriaId\": \"55AF7599-1EBB-472C-8F2E-C006269EFDAD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView.  This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. \\u00a0This vulnerability applies to software previously licensed by IBM.\\n\"}, {\"lang\": \"es\", \"value\": \"HCL Notes es susceptible a una vulnerabilidad de desbordamiento de b\\u00fafer en la regi\\u00f3n stack de la memoria en lasr.dll en Micro Focus KeyView. Esto podr\\u00eda permitir que un atacante remoto no autenticado bloquee la aplicaci\\u00f3n o ejecute c\\u00f3digo arbitrario a trav\\u00e9s de un archivo Lotus Ami Pro manipulado. Esto es diferente de la vulnerabilidad descrita en CVE-2022-44751. \\u00c2 Esta vulnerabilidad se aplica al software con licencia previa de IBM.\"}]",
      "id": "CVE-2022-44755",
      "lastModified": "2024-11-21T07:28:26.180",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@hcl.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2022-12-19T11:15:11.140",
      "references": "[{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260\", \"source\": \"psirt@hcl.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "psirt@hcl.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-44755\",\"sourceIdentifier\":\"psirt@hcl.com\",\"published\":\"2022-12-19T11:15:11.140\",\"lastModified\":\"2025-04-17T15:15:49.913\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView.  This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. \u00a0This vulnerability applies to software previously licensed by IBM.\\n\"},{\"lang\":\"es\",\"value\":\"HCL Notes es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en lasr.dll en Micro Focus KeyView. Esto podr\u00eda permitir que un atacante remoto no autenticado bloquee la aplicaci\u00f3n o ejecute c\u00f3digo arbitrario a trav\u00e9s de un archivo Lotus Ami Pro manipulado. Esto es diferente de la vulnerabilidad descrita en CVE-2022-44751. \u00c2 Esta vulnerabilidad se aplica al software con licencia previa de IBM.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@hcl.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"978E309F-453B-4D9D-8D15-5A6919E8D178\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C984E7E-ADF7-4F52-9CE1-A6F1E05A4140\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAD49650-9091-4706-9CAF-51BABDFB94CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp10if10:*:*:*:*:*:*\",\"matchCriteriaId\":\"4315DC11-745E-4518-9F7E-5D09FB360DE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CE02BCC-5280-4065-8CD9-0BC2A2821335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF1C4C44-7B5E-4405-9F49-B85957E88760\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CAA8D2D-7A27-49B5-87D2-740E6EB286A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5778563-769B-40A2-8830-E64A5F18CE3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B69E327-0C81-4233-9791-DD50F66E9293\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*\",\"matchCriteriaId\":\"331AD3B5-8D54-469A-873C-73AF93BC35DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp10if8:*:*:*:*:*:*\",\"matchCriteriaId\":\"E492968F-C1CC-4383-8393-EDB0DDA174C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp1if1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C8AF686-0BD4-4961-B924-481E328F67B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp1if2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E035716B-05DD-4948-BD13-77F9CDA135E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp2if1:*:*:*:*:*:*\",\"matchCriteriaId\":\"35A89BAC-438D-4A9E-8FCD-B0D4CD03ED23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp2if2:*:*:*:*:*:*\",\"matchCriteriaId\":\"98498BC3-0A35-446A-8BDC-562EF02E037E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp2if3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D78AA096-1E76-4B24-B17D-9796E49B0D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp2if4:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB478F5B-E6C1-48B2-A0AB-25790E26272A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp3if1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8041656D-55C6-4932-AA1F-77D9B1A22C80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp3if2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2266AD0F-D804-4BFC-B8E9-050F6AE6C9AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp3if3:*:*:*:*:*:*\",\"matchCriteriaId\":\"750709DB-28CC-49B2-98E4-0C4167705487\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp3if4:*:*:*:*:*:*\",\"matchCriteriaId\":\"96AD0DB0-75C7-4B2C-845C-AC7DE89A8F1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp4if1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2815AB94-D387-4057-AAE9-39336CC4D871\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp4if2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D19D5B99-E0BA-4E22-BA16-762114EFC89B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp5if1:*:*:*:*:*:*\",\"matchCriteriaId\":\"676D3DC9-FAE5-4E46-857B-B3AC5DCD70F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp5if2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BA224FC-B056-45F2-BF74-8B39F44FE522\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp5if3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3F6F4DA-EC68-42C2-93A1-99DBAC00F63B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp7if1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CB80E9D-E53D-4461-A71B-61A1615E9422\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp7if2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C65A591-435C-40D0-8512-AE3304AA948B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp8if1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B3F9411-8D5B-43E5-9DA9-E0C615ED7557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp9if1:*:*:*:*:*:*\",\"matchCriteriaId\":\"76E45481-36F9-4522-91A4-4D3FD9F6AB6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:9.0.1:fp9if2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A177BC67-EBE8-4487-BC45-D42ED6AFA3B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:10.0.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"847B0ACB-6B84-4D45-B30F-A930A226E14D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E36EE406-5355-422B-B1AE-6349DCDBF872\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFA1279C-D6E4-47D4-9D40-F39EC9C31E12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F0771C5-5F44-4563-BEFF-0DCEABE5452A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"980BB9E6-810B-4288-8667-0291BFFDCB9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BECE3D7-F8C4-4065-8CCC-E9CF70CD6943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:10.0.1:fp6:*:*:*:*:*:*\",\"matchCriteriaId\":\"96B957B0-AF4B-4E9E-8DB7-7B938C115B13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:notes:10.0.1:fp7:*:*:*:*:*:*\",\"matchCriteriaId\":\"55AF7599-1EBB-472C-8F2E-C006269EFDAD\"}]}]}],\"references\":[{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260\",\"source\":\"psirt@hcl.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T14:01:31.319Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-44755\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-17T14:31:22.656586Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-17T14:31:29.423Z\"}}], \"cna\": {\"title\": \"HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"HCL Software\", \"product\": \"Notes\", \"versions\": [{\"status\": \"affected\", \"version\": \"9, 10\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2022-12-16T23:41:00.000Z\", \"references\": [{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView.  This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. \\u00a0This vulnerability applies to software previously licensed by IBM.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eHCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView.  This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. \u0026nbsp;This vulnerability applies to software previously licensed by IBM.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"shortName\": \"HCL\", \"dateUpdated\": \"2023-01-05T05:58:57.684Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-44755\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-17T14:31:34.058Z\", \"dateReserved\": \"2022-11-04T21:08:23.515Z\", \"assignerOrgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"datePublished\": \"2022-12-17T01:57:45.446Z\", \"requesterUserId\": \"c5fdcef9-195e-4b4c-a893-a114640ac0a4\", \"assignerShortName\": \"HCL\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2022-44755

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-44755

Aliases

CVE-2022-44755

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-44755",
    "description": "IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.",
    "id": "GSD-2022-44755"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-44755"
      ],
      "details": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM.",
      "id": "GSD-2022-44755",
      "modified": "2023-12-13T01:19:25.340146Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@hcl.com",
        "ID": "CVE-2022-44755",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Notes",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "9, 10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "HCL Software"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260",
            "refsource": "MISC",
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp8if1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:10.0.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:10.0.1:fp6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:10.0.1:fp7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2022-44755"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-03-01T15:59Z",
      "publishedDate": "2022-12-19T11:15Z"
    }
  }
}

FKIE_CVE-2022-44755

Vulnerability from fkie_nvd - Published: 2022-12-19 11:15 - Updated: 2025-04-17 15:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@hcl.com	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260	Third Party Advisory

Impacted products

Vendor	Product	Version
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	9.0.1
hcltech	notes	10.0.1
hcltech	notes	10.0.1
hcltech	notes	10.0.1
hcltech	notes	10.0.1
hcltech	notes	10.0.1
hcltech	notes	10.0.1
hcltech	notes	10.0.1
hcltech	notes	10.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "978E309F-453B-4D9D-8D15-5A6919E8D178",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*",
              "matchCriteriaId": "2C984E7E-ADF7-4F52-9CE1-A6F1E05A4140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*",
              "matchCriteriaId": "DAD49650-9091-4706-9CAF-51BABDFB94CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if10:*:*:*:*:*:*",
              "matchCriteriaId": "4315DC11-745E-4518-9F7E-5D09FB360DE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*",
              "matchCriteriaId": "6CE02BCC-5280-4065-8CD9-0BC2A2821335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*",
              "matchCriteriaId": "CF1C4C44-7B5E-4405-9F49-B85957E88760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*",
              "matchCriteriaId": "8CAA8D2D-7A27-49B5-87D2-740E6EB286A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*",
              "matchCriteriaId": "A5778563-769B-40A2-8830-E64A5F18CE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*",
              "matchCriteriaId": "6B69E327-0C81-4233-9791-DD50F66E9293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*",
              "matchCriteriaId": "331AD3B5-8D54-469A-873C-73AF93BC35DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp10if8:*:*:*:*:*:*",
              "matchCriteriaId": "E492968F-C1CC-4383-8393-EDB0DDA174C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if1:*:*:*:*:*:*",
              "matchCriteriaId": "2C8AF686-0BD4-4961-B924-481E328F67B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp1if2:*:*:*:*:*:*",
              "matchCriteriaId": "E035716B-05DD-4948-BD13-77F9CDA135E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if1:*:*:*:*:*:*",
              "matchCriteriaId": "35A89BAC-438D-4A9E-8FCD-B0D4CD03ED23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if2:*:*:*:*:*:*",
              "matchCriteriaId": "98498BC3-0A35-446A-8BDC-562EF02E037E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if3:*:*:*:*:*:*",
              "matchCriteriaId": "D78AA096-1E76-4B24-B17D-9796E49B0D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp2if4:*:*:*:*:*:*",
              "matchCriteriaId": "BB478F5B-E6C1-48B2-A0AB-25790E26272A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if1:*:*:*:*:*:*",
              "matchCriteriaId": "8041656D-55C6-4932-AA1F-77D9B1A22C80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if2:*:*:*:*:*:*",
              "matchCriteriaId": "2266AD0F-D804-4BFC-B8E9-050F6AE6C9AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if3:*:*:*:*:*:*",
              "matchCriteriaId": "750709DB-28CC-49B2-98E4-0C4167705487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp3if4:*:*:*:*:*:*",
              "matchCriteriaId": "96AD0DB0-75C7-4B2C-845C-AC7DE89A8F1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if1:*:*:*:*:*:*",
              "matchCriteriaId": "2815AB94-D387-4057-AAE9-39336CC4D871",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp4if2:*:*:*:*:*:*",
              "matchCriteriaId": "D19D5B99-E0BA-4E22-BA16-762114EFC89B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if1:*:*:*:*:*:*",
              "matchCriteriaId": "676D3DC9-FAE5-4E46-857B-B3AC5DCD70F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if2:*:*:*:*:*:*",
              "matchCriteriaId": "3BA224FC-B056-45F2-BF74-8B39F44FE522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp5if3:*:*:*:*:*:*",
              "matchCriteriaId": "D3F6F4DA-EC68-42C2-93A1-99DBAC00F63B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if1:*:*:*:*:*:*",
              "matchCriteriaId": "3CB80E9D-E53D-4461-A71B-61A1615E9422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp7if2:*:*:*:*:*:*",
              "matchCriteriaId": "1C65A591-435C-40D0-8512-AE3304AA948B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp8if1:*:*:*:*:*:*",
              "matchCriteriaId": "3B3F9411-8D5B-43E5-9DA9-E0C615ED7557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if1:*:*:*:*:*:*",
              "matchCriteriaId": "76E45481-36F9-4522-91A4-4D3FD9F6AB6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:9.0.1:fp9if2:*:*:*:*:*:*",
              "matchCriteriaId": "A177BC67-EBE8-4487-BC45-D42ED6AFA3B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "847B0ACB-6B84-4D45-B30F-A930A226E14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "E36EE406-5355-422B-B1AE-6349DCDBF872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*",
              "matchCriteriaId": "CFA1279C-D6E4-47D4-9D40-F39EC9C31E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*",
              "matchCriteriaId": "4F0771C5-5F44-4563-BEFF-0DCEABE5452A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*",
              "matchCriteriaId": "980BB9E6-810B-4288-8667-0291BFFDCB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*",
              "matchCriteriaId": "8BECE3D7-F8C4-4065-8CCC-E9CF70CD6943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp6:*:*:*:*:*:*",
              "matchCriteriaId": "96B957B0-AF4B-4E9E-8DB7-7B938C115B13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:notes:10.0.1:fp7:*:*:*:*:*:*",
              "matchCriteriaId": "55AF7599-1EBB-472C-8F2E-C006269EFDAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView.  This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. \u00a0This vulnerability applies to software previously licensed by IBM.\n"
    },
    {
      "lang": "es",
      "value": "HCL Notes es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en lasr.dll en Micro Focus KeyView. Esto podr\u00eda permitir que un atacante remoto no autenticado bloquee la aplicaci\u00f3n o ejecute c\u00f3digo arbitrario a trav\u00e9s de un archivo Lotus Ami Pro manipulado. Esto es diferente de la vulnerabilidad descrita en CVE-2022-44751. \u00c2 Esta vulnerabilidad se aplica al software con licencia previa de IBM."
    }
  ],
  "id": "CVE-2022-44755",
  "lastModified": "2025-04-17T15:15:49.913",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "psirt@hcl.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-19T11:15:11.140",
  "references": [
    {
      "source": "psirt@hcl.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
    }
  ],
  "sourceIdentifier": "psirt@hcl.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2022-2396

Vulnerability from csaf_certbund - Published: 2022-12-22 23:00 - Updated: 2022-12-22 23:00

Summary

HCL Notes: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Notes ist eine Groupware Software, die unter anderem auch als E-Mail Programm genutzt wird.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL Notes ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen oder einen Denial of Service zu verursachen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Notes ist eine Groupware Software, die unter anderem auch als E-Mail Programm genutzt wird.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL Notes ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren oder einen Denial of Service zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-2396 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2396.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-2396 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2396"
      },
      {
        "category": "external",
        "summary": "HCL vom 2022-12-16",
        "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
      }
    ],
    "source_lang": "en-US",
    "title": "HCL Notes: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2022-12-22T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:40:31.687+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-2396",
      "initial_release_date": "2022-12-22T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-12-22T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "HCL Notes \u003c 10.0.1 FP8",
                "product": {
                  "name": "HCL Notes \u003c 10.0.1 FP8",
                  "product_id": "T025635",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltech:notes:10.0.1_fp8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "HCL Notes \u003c 9.0.1 FP10 IF11",
                "product": {
                  "name": "HCL Notes \u003c 9.0.1 FP10 IF11",
                  "product_id": "T025702",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltech:notes:9.0.1_fp10_if11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Notes"
          }
        ],
        "category": "vendor",
        "name": "HCL"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-44755",
      "notes": [
        {
          "category": "description",
          "text": "In HCL Notes existieren mehrere Schwachstellen. In der \"Micro Focus KeyView\" Komponente kommt es unter bestimmten Umst\u00e4nden in \"lasr.dll\" und \"wp6sr.dll\" zu staplelbasierten Puffer\u00fcberl\u00e4ufen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Anwendung zum Absturz zu bringen oder beliebigen Code \u00fcber eine manipulierte Lotus Ami Pro-, oder WordPerfect- Datei auszuf\u00fchren."
        }
      ],
      "release_date": "2022-12-22T23:00:00.000+00:00",
      "title": "CVE-2022-44755"
    },
    {
      "cve": "CVE-2022-44753",
      "notes": [
        {
          "category": "description",
          "text": "In HCL Notes existieren mehrere Schwachstellen. In der \"Micro Focus KeyView\" Komponente kommt es unter bestimmten Umst\u00e4nden in \"lasr.dll\" und \"wp6sr.dll\" zu staplelbasierten Puffer\u00fcberl\u00e4ufen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Anwendung zum Absturz zu bringen oder beliebigen Code \u00fcber eine manipulierte Lotus Ami Pro-, oder WordPerfect- Datei auszuf\u00fchren."
        }
      ],
      "release_date": "2022-12-22T23:00:00.000+00:00",
      "title": "CVE-2022-44753"
    },
    {
      "cve": "CVE-2022-44751",
      "notes": [
        {
          "category": "description",
          "text": "In HCL Notes existieren mehrere Schwachstellen. In der \"Micro Focus KeyView\" Komponente kommt es unter bestimmten Umst\u00e4nden in \"lasr.dll\" und \"wp6sr.dll\" zu staplelbasierten Puffer\u00fcberl\u00e4ufen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Anwendung zum Absturz zu bringen oder beliebigen Code \u00fcber eine manipulierte Lotus Ami Pro-, oder WordPerfect- Datei auszuf\u00fchren."
        }
      ],
      "release_date": "2022-12-22T23:00:00.000+00:00",
      "title": "CVE-2022-44751"
    }
  ]
}

GHSA-78JW-247W-7PRV

Vulnerability from github – Published: 2022-12-19 12:30 – Updated: 2022-12-22 21:30

Details

IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-44755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-19T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.",
  "id": "GHSA-78jw-247w-7prv",
  "modified": "2022-12-22T21:30:31Z",
  "published": "2022-12-19T12:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44755"
    },
    {
      "type": "WEB",
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100260"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-44755 (GCVE-0-2022-44755)

GSD-2022-44755

FKIE_CVE-2022-44755

WID-SEC-W-2022-2396

GHSA-78JW-247W-7PRV

Tags

Sightings

Nomenclature