CVE-2022-44755

HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if10:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if8:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp1if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp1if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp2if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp2if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp2if3:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp2if4:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp3if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp3if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp3if3:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp3if4:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp4if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp4if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp5if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp5if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp5if3:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp7if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp7if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp8if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp9if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp9if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:-:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp6:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp7:*:*:*:*:*:*

History

01 Mar 2023, 15:59

Type Values Removed Values Added
CPE cpe:2.3:a:ibm:notes:10.0.1:interim_fix_4:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:interim_fix_1:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_7:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_4:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:interim_fix_5:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_5:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_2:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_8:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_9:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:interim_fix_3:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:-:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_3:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:-:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_1:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_6:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:interim_fix_2:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_10:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:interim_fix_7:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:interim_fix_6:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp4if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp5:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if8:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp5if3:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if3:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp3if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp9if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp8if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp6:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp5if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp7:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp7if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp3if3:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if6:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp4:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp4if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp2if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp3if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp1if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp2if4:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if10:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp3if4:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp7if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp2if3:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp5if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if7:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if5:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:fp3:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp9if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if4:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:10.0.1:-:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp10if1:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp2if2:*:*:*:*:*:*
cpe:2.3:a:hcltech:notes:9.0.1:fp1if1:*:*:*:*:*:*
Summary IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM.

22 Dec 2022, 19:55

Type Values Removed Values Added
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
References (MISC) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260 - (MISC) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260 - Third Party Advisory
CPE cpe:2.3:a:ibm:notes:10.0.1:-:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:interim_fix_3:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_4:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_9:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_1:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:interim_fix_6:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:interim_fix_2:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_7:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_10:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:interim_fix_4:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_2:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:interim_fix_7:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:interim_fix_1:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_6:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:10.0.1:interim_fix_5:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:-:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_5:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_8:*:*:*:*:*:*
cpe:2.3:a:ibm:notes:9.0.1.10:interim_fix_3:*:*:*:*:*:*

19 Dec 2022, 13:12

Type Values Removed Values Added
New CVE

Information

Published : 2022-12-19 11:15

Updated : 2024-02-04 23:14


NVD link : CVE-2022-44755

Mitre link : CVE-2022-44755

CVE.ORG link : CVE-2022-44755


JSON object : View

Products Affected

hcltech

  • notes
CWE
CWE-787

Out-of-bounds Write