CVE-2022-32225: KB4338: XSS Vulnerability in Veeam Management Pack for Microsoft System Center v8

Vulnerability Details

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0.

An attacker could exploit this vulnerability by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, which allows arbitrary scripts to execute.

CVE: CVE-2022-32225

Temporary mitigation

If upgrading to the latest version of Veeam Management Pack for Microsoft System Center is not possible, this vulnerability can be mitigated by removing the Help directory.

Default location:

C:\Program Files (x86)\Veeam\Veeam Virtualization Extensions for System Center\User Interface\Help
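
One way to apply this mitigation on a server, as an added example that is not part of the original KB or Veeam's own tooling. The archive folder `C:\Temp\VeeamMP-Help-Archive` is a hypothetical location, and the script assumes PowerShell 5.0 or later and an elevated session.

```powershell
# Added example: archive and remove the Help directory named in the advisory.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Default location from the advisory; adjust if the product was installed elsewhere.
    [string]$HelpPath = 'C:\Program Files (x86)\Veeam\Veeam Virtualization Extensions for System Center\User Interface\Help',

    # Hypothetical archive folder (assumption), kept outside the install tree.
    [string]$ArchiveDir = 'C:\Temp\VeeamMP-Help-Archive'
)

# Nothing to do if the directory is already gone (mitigated or non-default install path).
if (-not (Test-Path -LiteralPath $HelpPath -PathType Container)) {
    Write-Output "Help directory not found at '$HelpPath'; nothing to remove."
    return
}

if ($PSCmdlet.ShouldProcess($HelpPath, 'Archive and remove Help directory')) {
    # Keep a copy outside the install tree so the removal can be audited or reverted.
    New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
    $zip = Join-Path $ArchiveDir ("Help-{0}.zip" -f (Get-Date -Format 'yyyyMMdd-HHmmss'))
    Compress-Archive -LiteralPath $HelpPath -DestinationPath $zip -ErrorAction Stop

    # Remove the directory only after the archive was written successfully.
    Remove-Item -LiteralPath $HelpPath -Recurse -Force -ErrorAction Stop

    # Confirm the mitigation took effect before reporting success.
    if (Test-Path -LiteralPath $HelpPath) {
        throw "Help directory still present at '$HelpPath'."
    }
    Write-Output "Removed '$HelpPath'; archive saved to '$zip'."
}
```

Saved as a `.ps1` file, the script can be run with `-WhatIf` first to confirm which path it would act on without changing anything.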

More information

This vulnerability was reported by Mateusz Dabrowski.
