CVE-2008-3736

Name of the Vulnerable Software and Affected Versions System Consultants La!Cooda WIZ versions 1.4.0 and earlier SpaceTag LacoodaST versions 2.1.3 and earlier

Description The issue allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords or configurations due to multiple cross-site request forgery (CSRF) vulnerabilities.

Recommendations For System Consultants La!Cooda WIZ versions 1.4.0 and earlier, update to a version later than 1.4.0 to resolve the issue. For SpaceTag LacoodaST versions 2.1.3 and earlier, update to a version later than 2.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the password change and configuration change features until a patch is available.