CVE-2022-40305
CRITICAL
Canto Cumulus < 11.1.3 - Server-Side Request Forgery via Login Form Server Parameter
Title source: llm
Description
A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-023.txt
Scores
CVSS v3: 9.8
EPSS: 0.0116
EPSS Percentile: 63.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-918
Status: published
Products (1): canto/canto < 11.1.3
Published: Sep 09, 2022
Tracked Since: Feb 18, 2026