XSS Vulnerability in Veeam Management Pack for Microsoft System Center v8
| KB ID: | 4338 |
| Product: | Veeam Management Pack for Microsoft System Center | Veeam Management Pack 8.0 |
| Published: | 2022-07-12 |
| Last Modified: | 2022-07-12 |
Vulnerability Details
A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0.
This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts.
CVE: CVE-2022-32225
Solution
Veeam Management Pack for Microsoft System Center 8.0 has reached End-of-Fix, and all users are advised to upgrade to the latest version of Veeam Management Pack for Microsoft System Center.
This vulnerability does not affect Veeam Management Pack for Microsoft System Center version 9.0.
Temporary mitigation
If upgrading to the latest version of Veeam Management Pack for Microsoft System Center is not possible, this vulnerability can be mitigated by removing the Help directory.
Default location:
C:\Program Files (x86)\Veeam\Veeam Virtualization Extensions for System Center\User Interface\HelpMore information
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.