CVE-2021-38648

Known Exploited Public Exploit
Open Management Infrastructure Elevation of Privilege Vulnerability

Description

Open Management Infrastructure Elevation of Privilege Vulnerability

7.8
CVSS
Severity: High
CVSS 3.1 •
CVSS 2.0 •
EPSS 27.88% Top 5%
KEV Since 
Vendor Advisory microsoft.com
Affected: Microsoft Open Management Infrastructure
Affected: Microsoft System Center Operations Manager (SCOM)
Affected: Microsoft Azure Automation State Configuration, DSC Extension
Affected: Microsoft Azure Automation Update Management
Affected: Microsoft Log Analytics Agent
Affected: Microsoft Azure Diagnostics (LAD)
Affected: Microsoft Container Monitoring Solution
Affected: Microsoft Azure Security Center
Affected: Microsoft Azure Sentinel
Affected: Microsoft Azure Stack Hub
Published at:
Updated at:

References

Link Tags
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648 patch vendor advisory
http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html exploit vdb entry third party advisory

Frequently Asked Questions

What is the severity of CVE-2021-38648?
CVE-2021-38648 has been scored as a high severity vulnerability.
How to fix CVE-2021-38648?
To fix CVE-2021-38648, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-38648 being actively exploited in the wild?
It is confirmed that CVE-2021-38648 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~28% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-38648?
CVE-2021-38648 affects Microsoft Open Management Infrastructure, Microsoft System Center Operations Manager (SCOM), Microsoft Azure Automation State Configuration, DSC Extension, Microsoft Azure Automation Update Management, Microsoft Log Analytics Agent, Microsoft Azure Diagnostics (LAD), Microsoft Container Monitoring Solution, Microsoft Azure Security Center, Microsoft Azure Sentinel, Microsoft Azure Stack Hub.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.