HP System Management Homepage < 7.3 Multiple Vulnerabilities

Medium Nessus Plugin ID 72959


The remote web server is affected by multiple vulnerabilities.


According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server may be affected by the following vulnerabilities :

- Versions prior to 7.3 are affected by an unspecified information disclosure vulnerability. (CVE-2013-4846)

- Versions 7.1 through 7.2.2 are affected by an unspecified cross-site request forgery vulnerability.


Upgrade to HP System Management Homepage 7.3 or later.

See Also



Plugin Details

Severity: Medium

ID: 72959

File Name: hpsmh_7_3.nasl

Version: $Revision: 1.3 $

Type: remote

Family: Web Servers

Published: 2014/03/12

Modified: 2016/12/21

Dependencies: 10746, 11936

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:system_management_homepage

Required KB Items: www/hp_smh

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/11/27

Vulnerability Publication Date: 2014/03/10

Reference Information

CVE: CVE-2013-4846, CVE-2013-6188

BID: 66128, 66129

OSVDB: 104376, 104377