CVE-2021-38647

Known Exploited Public Exploit
Open Management Infrastructure Remote Code Execution Vulnerability

Description

Open Management Infrastructure Remote Code Execution Vulnerability

9.8
CVSS
Severity: Critical
CVSS 3.1 •
CVSS 2.0 •
EPSS 94.34% Top 5%
KEV Since 
Vendor Advisory microsoft.com
Affected: Microsoft Open Management Infrastructure
Affected: Microsoft System Center Operations Manager (SCOM)
Affected: Microsoft Azure Automation State Configuration, DSC Extension
Affected: Microsoft Azure Automation Update Management
Affected: Microsoft Log Analytics Agent
Affected: Microsoft Azure Diagnostics (LAD)
Affected: Microsoft Container Monitoring Solution
Affected: Microsoft Azure Security Center
Affected: Microsoft Azure Sentinel
Affected: Microsoft Azure Stack Hub
Published at:
Updated at:

References

Link Tags
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647 patch vendor advisory
http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html third party advisory vdb entry exploit

Frequently Asked Questions

What is the severity of CVE-2021-38647?
CVE-2021-38647 has been scored as a critical severity vulnerability.
How to fix CVE-2021-38647?
To fix CVE-2021-38647, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-38647 being actively exploited in the wild?
It is confirmed that CVE-2021-38647 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~94% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-38647?
CVE-2021-38647 affects Microsoft Open Management Infrastructure, Microsoft System Center Operations Manager (SCOM), Microsoft Azure Automation State Configuration, DSC Extension, Microsoft Azure Automation Update Management, Microsoft Log Analytics Agent, Microsoft Azure Diagnostics (LAD), Microsoft Container Monitoring Solution, Microsoft Azure Security Center, Microsoft Azure Sentinel, Microsoft Azure Stack Hub.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.