Lucene search
MicrosoftCVELIST:CVE-2021-38647HistorySep 15, 2021 - 11:24 a.m.
CVE-2021-38647 Open Management Infrastructure Remote Code Execution Vulnerability
2021-09-1511:24:07
microsoft
www.cve.org
1
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9.6 High
AI Score
Confidence
High
0.975 High
EPSS
Percentile
100.0%
CNA Affected
[
{
"vendor": "Microsoft",
"product": "Open Management Infrastructure",
"cpes": [
"cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "16.0",
"lessThan": "OMI Version 1.6.8-1",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "System Center Operations Manager (SCOM)",
"cpes": [
"cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "OMI version: 1.6.8-1",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Azure Automation State Configuration, DSC Extension",
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "2.0.0",
"lessThan": "DSC Agent versions: 2.71.1.25, 2.70.0.30, 3.0.0.3",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Azure Automation Update Management",
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Log Analytics Agent",
"cpes": [
"cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Azure Diagnostics (LAD)",
"cpes": [
"cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "3.0.0",
"lessThan": "LAD v4.0.13 and LAD v3.0.135",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Container Monitoring Solution",
"cpes": [
"cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Azure Security Center",
"cpes": [
"cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Azure Sentinel",
"cpes": [
"cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Azure Stack Hub",
"cpes": [
"cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "Monitor, Update and Config Mgmnt 1.14.01",
"versionType": "custom",
"status": "affected"
},
{
"version": "1.0.0",
"lessThan": "3.1.135",
"versionType": "custom",
"status": "affected"
}
]
}
]Related
saint
saint
Microsoft Azure Open Management Infrastructure remote command execution
2021-09-28 00:00:00
Microsoft Azure Open Management Infrastructure remote command execution
2021-09-28 00:00:00
Microsoft Azure Open Management Infrastructure remote command execution
2021-09-28 00:00:00
githubexploit
githubexploit
Exploit for Improper Initialization in Microsoft
2021-09-26 18:06:00
Exploit for Improper Initialization in Microsoft
2021-09-22 01:05:22
Exploit for Improper Initialization in Microsoft
2021-09-19 15:43:32
nvd
nvd
CVE-2021-38647
2021-09-15 12:15:15
ibm
ibm
cisa_kev
cisa_kev
prion
prion
Remote code execution
2021-09-15 12:15:00
packetstorm
packetstorm
Microsoft OMI Management Interface Authentication Bypass
2021-10-28 00:00:00
Microsoft OMI Management Interface Authentication Bypass
2021-11-10 00:00:00
mscve
mscve
Open Management Infrastructure Remote Code Execution Vulnerability
2021-09-14 07:00:00
attackerkb
attackerkb
CVE-2021-38647
2021-09-15 00:00:00
metasploit
metasploit
Microsoft OMI Management Interface Authentication Bypass
2021-10-25 21:36:55
Microsoft OMI Management Interface Authentication Bypass
2021-10-27 16:05:56
nuclei
nuclei
Microsoft Open Management Infrastructure - Remote Code Execution
2021-09-15 16:10:58
zdt
zdt
Microsoft OMI Management Interface Authentication Bypass Exploit
2021-10-31 00:00:00
Microsoft OMI Management Interface Authentication Bypass Exploit
2021-11-10 00:00:00
nessus
nessus
Microsoft Open Management Infrastructure RCE (CVE-2021-38647)
2021-09-20 00:00:00
Microsoft Open Management Infrastructure (OMI) package < 1.6.8-1 Multiple Vulnerabilities
2021-09-17 00:00:00
Microsoft Open Management Infrastructure < 1.6.8.1 Multiple Vulnerabilities
2021-09-17 00:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2021-38647
2021-09-15 12:15:15
thn
thn
msrc
msrc
threatpost
threatpost
Azure Zero-Day Bugs Show Lurking Supply-Chain Risk
2021-09-16 11:37:48
Microsoft Patches Actively Exploited Windows Zero-Day
2021-09-14 20:29:14
cisa
cisa
kaspersky
kaspersky
KLA12297 Multiple vulnerabilities in Microsoft System Center
2021-09-14 00:00:00
KLA12286 Mutliple vulnerabilities in Microsoft Azure
2021-09-14 00:00:00
rapid7blog
rapid7blog
OMIGOD: How to Automatically Detect and Fix Microsoft Azureโs New OMI Vulnerability
2021-09-15 14:30:57
Metasploit Wrap-Up
2021-10-29 17:59:46
Patch Tuesday - September 2021
2021-09-15 03:44:31
malwarebytes
malwarebytes
avleonov
avleonov
krebs
krebs
Microsoft Patch Tuesday, September 2021 Edition
2021-09-14 21:00:42
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday (September 2021) โ Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities
2021-09-14 18:56:17
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9.6 High
AI Score
Confidence
High
0.975 High
EPSS
Percentile
100.0%
Related for CVELIST:CVE-2021-38647