Ibi
Monthly
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.