CVE-2021-38649

HIGH KEV

Open Management Infrastructure - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-38649 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.

Description

Open Management Infrastructure Elevation of Privilege Vulnerability

References (2)

Core 2

Scores

CVSS v3 7.0
EPSS 0.0673
EPSS Percentile 91.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-09-17
InTheWild.io 2021-11-03
ENISA EUVD EUVD-2021-25088
Status published
Products (10)
microsoft/azure_automation_state_configuration
microsoft/azure_automation_update_management
microsoft/azure_diagnostics_\(lad\)
microsoft/azure_open_management_infrastructure
microsoft/azure_security_center
microsoft/azure_sentinel
microsoft/azure_stack_hub
microsoft/container_monitoring_solution
microsoft/log_analytics_agent
microsoft/system_center_operations_manager
Published Sep 15, 2021
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026