Detections
Analytics

HP System Management Homepage < 7.3 Multiple Vulnerabilities

medium Nessus Plugin ID 72959

Language:

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server may be affected by the following vulnerabilities :

 - Versions prior to 7.3 are affected by an unspecified information disclosure vulnerability. (CVE-2013-4846)

 - Versions 7.1 through 7.2.2 are affected by an unspecified cross-site request forgery vulnerability.
 (CVE-2013-6188)

Solution

Upgrade to HP System Management Homepage 7.3 or later.

See Also

http://www.nessus.org/u?2d45fc52

https://www.securityfocus.com/archive/1/531406/30/0/threaded

Plugin Details

Severity: Medium

ID: 72959

File Name: hpsmh_7_3.nasl

Version: 1.6

Type: remote

Family: Web Servers

Published: 3/12/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:hp:system_management_homepage

Required KB Items: www/hp_smh

Exploit Ease: No known exploits are available

Patch Publication Date: 11/27/2013

Vulnerability Publication Date: 3/10/2014

Reference Information

CVE: CVE-2013-4846, CVE-2013-6188

BID: 66128, 66129