Description

Open Management Infrastructure Elevation of Privilege Vulnerability

Related CPE's

a

microsoft

azure_automation_state_configuration

-

Vulnerable

a

microsoft

azure_automation_update_management

-

Vulnerable

a

microsoft

azure_diagnostics_\(lad\)

-

Vulnerable

a

microsoft

azure_open_management_infrastructure

-

Vulnerable

a

microsoft

azure_security_center

-

Vulnerable

a

microsoft

azure_sentinel

-

Vulnerable

a

microsoft

azure_stack_hub

-

Vulnerable

a

microsoft

container_monitoring_solution

-

Vulnerable

a

microsoft

log_analytics_agent

-

Vulnerable

a

microsoft

system_center_operations_manager

-

Vulnerable

References

http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html

ExploitThird Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648

PatchVendor Advisory

http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html

ExploitThird Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648

PatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38648

US Government Resource

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-09-15T10:15:15.147Z

4 years ago

Last modified

2025-10-30T18:13:49.427Z

4 months ago