CVE-2021-38645

Warnung

EPSS 14.61%
Veröffentlicht 15.09.2021 12:15:14
Zuletzt bearbeitet 30.10.2025 19:14:04
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Open Management Infrastructure Elevation of Privilege Vulnerability

Betroffene Produkte Warnungen 1 Metriken 4 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Azure Automation State Configuration Version-

Microsoft ≫ Azure Automation Update Management Version-

Microsoft ≫ Azure Open Management Infrastructure Version-

Microsoft ≫ Azure Security Center Version-

Microsoft ≫ Azure Sentinel Version-

Microsoft ≫ Azure Stack Hub Version-

Microsoft ≫ Container Monitoring Solution Version-

Microsoft ≫ Log Analytics Agent Version-

Microsoft ≫ System Center Operations Manager Version-

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability

Schwachstelle

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	14.61%	0.942

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secure@microsoft.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38645

Patch

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38645

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2021-38645

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-38645

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-38645

EUVD