Vulners
Lucene search
CVE-2021-38647
🗓️ 15 Sep 2021 11:24:07Reported by microsoftType 
cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 1223 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 58 |
|---|---|---|---|---|
 | Exploit for CVE-2021-38647 | 18 Sep 202115:25 | – | githubexploit |
| Exploit for CVE-2021-38647 | 15 Sep 202121:44 | – | githubexploit |
| Exploit for CVE-2021-38647 | 22 Sep 202115:20 | – | githubexploit |
| Exploit for CVE-2021-38647 | 19 Sep 202115:43 | – | githubexploit |
| Exploit for CVE-2021-38647 | 15 Sep 202104:51 | – | githubexploit |
| Exploit for CVE-2021-38647 | 16 Sep 202108:33 | – | githubexploit |
| Exploit for CVE-2021-38647 | 13 Mar 202420:05 | – | githubexploit |
| Exploit for CVE-2021-38647 | 16 Sep 202102:11 | – | githubexploit |
| Exploit for CVE-2021-38647 | 20 Sep 202116:29 | – | githubexploit |
 | Microsoft OMI Management Interface Authentication Bypass Exploit | 31 Oct 202100:00 | – | zdt |
10
Node
OROROROROROROROROR
[
{
"vendor": "Microsoft",
"product": "Open Management Infrastructure",
"cpes": [
"cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "16.0",
"lessThan": "OMI Version 1.6.8-1",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "System Center Operations Manager (SCOM)",
"cpes": [
"cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "OMI version: 1.6.8-1",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Azure Automation State Configuration, DSC Extension",
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "2.0.0",
"lessThan": "DSC Agent versions: 2.71.1.25, 2.70.0.30, 3.0.0.3",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Azure Automation Update Management",
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Log Analytics Agent",
"cpes": [
"cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Azure Diagnostics (LAD)",
"cpes": [
"cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "3.0.0",
"lessThan": "LAD v4.0.13 and LAD v3.0.135",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Container Monitoring Solution",
"cpes": [
"cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Azure Security Center",
"cpes": [
"cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Azure Sentinel",
"cpes": [
"cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Azure Stack Hub",
"cpes": [
"cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "1.0.0",
"lessThan": "Monitor, Update and Config Mgmnt 1.14.01",
"versionType": "custom",
"status": "affected"
},
{
"version": "1.0.0",
"lessThan": "3.1.135",
"versionType": "custom",
"status": "affected"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| p:Script | request body | /wsman | Authentication bypass against Microsoft OMI management interface leading to remote command execution via SOAP ExecuteScript. | CWE-287 |
| p:b64encoded | request body | /wsman | Authentication bypass against Microsoft OMI management interface leading to remote command execution via SOAP ExecuteScript. | CWE-287 |
| p:Arguments | request body | /wsman | Authentication bypass against Microsoft OMI management interface leading to remote command execution via SOAP ExecuteScript. | CWE-287 |
| p:timeout | request body | /wsman | Authentication bypass against Microsoft OMI management interface leading to remote command execution via SOAP ExecuteScript. | CWE-287 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Oct 2025 19:13Current
7.3High risk
Vulners AI Score7.3
CVSS 27.5
CVSS 3.19.8
EPSS0.94392
SSVC