Operational Defect Database

BugZero found this defect 687 days ago.

Veeam | kb4338

XSS Vulnerability in Veeam Management Pack for Microsoft System Center v8

Last update date:

7/12/2022

Affected products:

Veeam Management Pack for Microsoft System Center

Affected releases:

8.0

Fixed releases:

No fixed releases provided.

Description:

Vulnerability Details

A reflected DOM-based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. An attacker could exploit this vulnerability by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts.

CVE: CVE-2022-32225

Solution

Veeam Management Pack for Microsoft System Center 8.0 has reached End-of-Fix, and all users are advised to upgrade to the latest version of Veeam Management Pack for Microsoft System Center. This vulnerability does not affect Veeam Management Pack for Microsoft System Center version 9.0.

Temporary mitigation

If upgrading to the latest version of Veeam Management Pack for Microsoft System Center is not possible, this vulnerability can be mitigated by removing the Help directory. Default location:

More Information

This vulnerability was reported by Mateusz Dabrowski.


Status

Solved
