Skip to main content

My Cloud Home

3 CVEs product

Monthly

CVE-2023-22813 MEDIUM This Month

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google Authentication Bypass My Cloud +3
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-10951 MEDIUM This Month

Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ibi My Cloud Home
NVD
CVSS 3.1
4.7
EPSS
0.9%
CVE-2020-8990 CRITICAL PATCH Act Now

Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Ibi My Cloud Home
NVD
CVSS 3.1
9.1
EPSS
1.0%
EPSS 0% CVSS 4.3
MEDIUM This Month

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google +5
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ibi My Cloud Home
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Ibi +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy