CVE-2008-3736 : Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consult

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations.

Published 2008-08-27 20:41:00

Updated 2017-08-08 01:32:08

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Products affected by CVE-2008-3736

Spacetag » Lacoodast
Versions up to, including, (<=) 2.1.3
cpe:2.3:a:spacetag:lacoodast:*:*:*:*:*:*:*:*
Matching versions
System Consultants » La Cooda Wiz
Versions up to, including, (<=) 1.4.0
cpe:2.3:a:system_consultants:la_cooda_wiz:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-3736

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 42 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-3736

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.0	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:P	6.8	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2008-3736

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-3736

Jump to

Vulnerability Details : CVE-2008-3736

Products affected by CVE-2008-3736

Exploit prediction scoring system (EPSS) score for CVE-2008-3736

CVSS scores for CVE-2008-3736

CWE ids for CVE-2008-3736

References for CVE-2008-3736