Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Web application abuses
Title:Western Digital My Cloud Multiple Products < 2.31.183 Multiple Vulnerabilities
Summary:Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.
Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.

Vulnerability Insight:
The following issues have been addressed:

- Apache updated to version 2.4.38 (CVE-2019-0211)

- Webfile viewer disabled for non-admin users (CVE-2019-9949)

- Removed remember-me mechanism from login page

- Resolved authenticated arbitrary file operation and authenticated command injection vulnerabilities

- Added protection against file patht raversal

- Resolved authentication bypass vulnerability

- Mitigation added for user session hijacking

- Added protection against cookie modification vulnerabilities

Affected Software/OS:
Western Digital My Cloud with firmware versions prior to 2.31.183.

Update to firmware version 2.31.183 or later.

Note: Some My Cloud products are already end-of-life and doesn't receive any updates anymore.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-0211
BugTraq ID: 107666
Bugtraq: 20190403 [SECURITY] [DSA 4422-1] apache2 security update (Google Search)
Bugtraq: 20190407 [slackware-security] httpd (SSA:2019-096-01) (Google Search)
Debian Security Information: DSA-4422 (Google Search)
RedHat Security Advisories: RHBA-2019:0959
RedHat Security Advisories: RHSA-2019:0746
RedHat Security Advisories: RHSA-2019:0980
RedHat Security Advisories: RHSA-2019:1296
RedHat Security Advisories: RHSA-2019:1297
RedHat Security Advisories: RHSA-2019:1543
SuSE Security Announcement: openSUSE-SU-2019:1190 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:1209 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:1258 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2019-9949
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2020 E-Soft Inc. All rights reserved.