{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-44754", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "requesterUserId": "c5fdcef9-195e-4b4c-a893-a114640ac0a4", "dateReserved": "2022-11-04T21:08:23.515Z", "datePublished": "2022-12-17T03:33:30.577Z", "dateUpdated": "2024-08-03T14:01:31.435Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Domino", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "9"}]}], "datePublic": "2022-12-17T02:01:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. &nbsp;This vulnerability applies to software previously licensed by IBM.</span><br>"}], "value": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. \u00a0This vulnerability applies to software previously licensed by IBM.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2023-01-05T05:58:57.684130Z"}, "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:01:31.435Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A73B2674-F58B-46AB-94E6-5B83886C25A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3:*:*:*:*:*:*", "matchCriteriaId": "2D00AC8D-4E35-49F4-B0EE-C03E1EE67B8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4:*:*:*:*:*:*", "matchCriteriaId": "0FBD1792-01BA-402A-859E-531F7614C9A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_5:*:*:*:*:*:*", "matchCriteriaId": "DB652BE0-5767-4D42-A618-1315243A5C52", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8:*:*:*:*:*:*", "matchCriteriaId": "F3D799A2-AC87-43E8-A6A2-E76E1535A7C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1:*:*:*:*:*:*", "matchCriteriaId": "9C9A93C4-70E8-472D-A038-14F72780E02F", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2:*:*:*:*:*:*", "matchCriteriaId": "442C02A0-0232-488A-8A66-62386FFBC807", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3:*:*:*:*:*:*", "matchCriteriaId": "A349B3BD-CB3D-4290-BE9E-8FFA68C3512B", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10:*:*:*:*:*:*", "matchCriteriaId": "866FCD8A-56FE-4D00-A9F6-F83D3400CF91", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*", "matchCriteriaId": "9F8486D8-494D-45B0-8447-F1EDB8C2F8A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*", "matchCriteriaId": "19CC1B88-ED3D-4AD0-8B06-C75D198E1BB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*", "matchCriteriaId": "C76546DF-A75A-489C-80D8-D1372F2FF586", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*", "matchCriteriaId": "C49C0CA8-485E-4748-A5D5-C3B5FF98381E", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*", "matchCriteriaId": "2C1D2585-833B-4A5A-AAF3-3215C52FE73A", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*", "matchCriteriaId": "AAAE216E-780B-48A7-89D9-6FB8E799B78C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*", "matchCriteriaId": "A44BBF13-7FCF-4CD9-8EA7-C20CA701B8BA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. \u00a0This vulnerability applies to software previously licensed by IBM.\n"}, {"lang": "es", "value": "HCL Domino es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en lasr.dll en Micro Focus KeyView. Esto podr\u00eda permitir que un atacante remoto no autenticado bloquee la aplicaci\u00f3n o ejecute c\u00f3digo arbitrario a trav\u00e9s de un archivo Lotus Ami Pro manipulado. Esto es diferente de la vulnerabilidad descrita en CVE-2022-44750. A esta vulnerabilidad se aplica al software con licencia previa de IBM."}], "id": "CVE-2022-44754", "lastModified": "2024-11-21T07:28:26.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-19T11:15:11.070", "references": [{"source": "psirt@hcl.com", "tags": ["Third Party Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}