CVE-2022-44754

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-44754
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.  This vulnerability applies to software previously licensed by IBM.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151 Third Party Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_5:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*
History

21 Nov 2024, 07:28

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8 		v2 : unknown
v3 : 9.8
Summary
  • (es) HCL Domino es susceptible a una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en lasr.dll en Micro Focus KeyView. Esto podría permitir que un atacante remoto no autenticado bloquee la aplicación o ejecute código arbitrario a través de un archivo Lotus Ami Pro manipulado. Esto es diferente de la vulnerabilidad descrita en CVE-2022-44750. A esta vulnerabilidad se aplica al software con licencia previa de IBM.
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151 - Third Party Advisory () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151 - Third Party Advisory
Information

Published : 2022-12-19 11:15

Updated : 2025-04-17 16:15

NVD link : CVE-2022-44754

Mitre link : CVE-2022-44754

CVE.ORG link : CVE-2022-44754

JSON object : View

Products Affected

hcltech

  • domino
CWE
CWE-787

Out-of-bounds Write