XSS Vulnerability in Veeam Management Pack for Microsoft System Center v8

KB ID: 4338
Product: Veeam Management Pack for Microsoft System Center | Veeam Management Pack 8.0
Published: 2022-07-12
Last Modified: 2022-07-12
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Vulnerability Details

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0.

This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts.

 

CVE: CVE-2022-32225

Solution

Veeam Management Pack for Microsoft System Center 8.0 has reached End-of-Fix, and all users are advised to upgrade to the latest version of Veeam Management Pack for Microsoft System Center.

This vulnerability does not affect Veeam Management Pack for Microsoft System Center version 9.0.

Temporary mitigation

If upgrading to the latest version of Veeam Management Pack for Microsoft System Center is not possible, this vulnerability can be mitigated by removing the Help directory.

Default location:

C:\Program Files (x86)\Veeam\Veeam Virtualization Extensions for System Center\User Interface\Help

More information

This vulnerability was reported by Mateusz Dabrowski.
Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.