CVE-2013-3395

CVE Database · CVE-2013-3395

CVE-2013-3395

· N/AModified

CVSS v3.1

N/A

EPSS

0.58%

Published

Jul 2, 2013

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634.

Weaknesses (CWE)

CWE-352

Affected Products (3)

cisco · content_security_management_appliancevulnerable

cisco · web_security_appliancevulnerable

cisco · email_security_appliance_firmwarevulnerable

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3395

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3395

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs