My Cloud Home and ibi Websites Version 2.2.0
WDC Tracking Number: WDC-19012
Product Line/Web: My Cloud Home and ibi Portal Websites
Published: October 24, 2019
Last Updated: October 24, 2019
Description
The My Cloud Home and ibi Portal websites have been updated to improve their security. Versions prior to this were vulnerable to a clickjacking vulnerability in which an attacker could trick a user into clicking on an unexpected webpage element on the My Cloud Home and ibi portal websites. This could potentially route the user to an attacker chosen destination used for malicious purposes. This attack can be used to reveal confidential information or could lead to the attacker gaining complete control over a user’s system.
Advisory Summary
My Cloud Home and ibi portal websites have now addressed this clickjacking vulnerability by adding the X-Frame Options HTTP Response header to the pages that require protection from clickjacking. This frame-busting method is used to restrict a web page from being loaded in a sub-frame.
Addressed multiple Clickjacking vulnerabilities for the following websites:
CVE Number: CVE-2020-10951
Reported by: Tayyab Sial