CVE-2022-44755
high-risk
Published 2022-12-19
HCL Notes is susceptible to a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM.
Do I need to act?
1.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Products (20)
Notes
Affected Vendors
References (2)
Third Party Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
60 / 100 · high-risk
Severity: 32/34 · Critical
Exploitability: 4/34 · Minimal
Exposure: 24/34 · High