
CVSS: 9.8 • EPSS: 0% • CPEs: 39 • EXPL: 0

HCL Notes is susceptible to a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. This vulnerability applies to software previously licensed by IBM. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260 • CWE-787: Out-of-bounds Write

CVSS: 5.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

In HCL Digital Experience, a customized XSS payload can be constructed such that it is served in the application unencoded. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101768 • CWE-276: Incorrect Default Permissions

CVSS: 5.5 • EPSS: 0% • CPEs: 31 • EXPL: 0

HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101017 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor