Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spacetag | Lacoodast | <= 2.1.3 |
| System Consultants | La Cooda Wiz | <= 1.4.0 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN83428818/index.html
- http://secunia.com/advisories/31574Vendor Advisory
- http://secunia.com/advisories/31582Vendor Advisory
- http://wiz.syscon.co.jp/Details.htm
- http://www.securityfocus.com/bid/30791
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44592
- http://jvn.jp/en/jp/JVN83428818/index.html
- http://secunia.com/advisories/31574Vendor Advisory
- http://secunia.com/advisories/31582Vendor Advisory
- http://wiz.syscon.co.jp/Details.htm
- http://www.securityfocus.com/bid/30791
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44592
FAQ
What is CVE-2008-3736?
CVE-2008-3736 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the au...
How severe is CVE-2008-3736?
CVE-2008-3736 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3736?
Check the references section above for vendor advisories and patch information. Affected products include: Spacetag Lacoodast, System Consultants La Cooda Wiz.