A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WDC PSIRT
Published: 2022-01-28T19:09:29
Updated: 2024-08-03T03:28:43.023Z
Reserved: 2022-01-10T00:00:00
Link: CVE-2022-22993
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-01-28T20:15:12.763
Modified: 2022-03-18T20:51:29.423
Link: CVE-2022-22993
Redhat
No data.