CVE-2021-38647
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/09/2021
Last modified:
30/10/2025
Description
Open Management Infrastructure Remote Code Execution Vulnerability
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:azure_diagnostics_\(lad\):-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:azure_open_management_infrastructure:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:azure_security_center:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:azure_sentinel:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:azure_stack_hub:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647
- http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38647