Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3736

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2008-3736
Last Modified 02 Apr 2009 12:00:00
Published 27 Aug 2008 04:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-3736

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations.

Vulnerable Systems

Application

  • Spacetag Lacoodast 2.1.3

  • System Consultants La Cooda Wiz 1.4.0


References

XF - lacooda-unspecified-csrf(44592)

BID - 30791

CONFIRM - http://wiz.syscon.co.jp/Details.htm

SECUNIA - 31582

SECUNIA - 31574

JVN - JVN#83428818


Last Updated: 27 May 2016 10:48:17