JVNDB-2008-000047

[Japanese]
JVNDB-2008-000047
LacoodaST from SpaceTag, Inc. session fixation vulnerability
Overview
LacoodaST from SpaceTag, Inc. contains a session fixation vulnerability. LacoodaST from SpaceTag, Inc. is groupware providing schedule and task managements, etc. LacoodaST contains a session fixation vulnerability. Hirotaka Katagiri reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
Base Metrics: 5.8 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
Affected Products
SPACETAG INC. LacoodaST 2.1.3 and earlier
Impact
A remote attacker impersonating a logged in user could manipulate the operation with the user's privilege. As a result, disclosure or alteration of information may occur.
Solution
[Update the Software] Apply the latest update provided by the vendor. For more information, refer to the vendor's website.
Vendor Information
SPACETAG INC. News : about LacoodaST vulnerability
References
JVN : JVN#31723154 National Vulnerability Database (NVD) : CVE-2008-3738 Common Vulnerabilities and Exposures (CVE) : CVE-2008-3738 Secunia Advisory : SA31582 SecurityFocus : 30791 Common Weakness Enumeration (CWE) : Credentials Management (CWE-255) [IPA Evaluation] JVN iPedia (Japanese) : JVNDB-2008-000047
Revision History
[2008/09/02] Web page published

Date Public	2008/08/21
Date First Published	2008/09/02
Date Last Updated	2008/09/02

LacoodaST from SpaceTag, Inc. session fixation vulnerability