QID 375860

Date Published: 2021-09-15

QID 375860: Azure Open Management Infrastructure Multiple Vulnerabilities

Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint.

CVE-2021-38649: Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38648: Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38647: Open Management Infrastructure Remote Code Execution Vulnerability
CVE-2021-38645: Open Management Infrastructure Elevation of Privilege Vulnerability

Affected Software:

Azure Open Management Infrastructure prior to v1.6.8-1

Successful exploitation allows an attacker to conduct Elevation of Privilege and Remote Code Execution Vulnerability.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as High - 7.5 severity.
  • Solution
    Customers are advised to refer to CVE-2021-38649 and CVE-2021-38648 and CVE-2021-38647 and CVE-2021-38645for more details pertaining to this vulnerability

    CVEs related to QID 375860

    Software Advisories
    Advisory ID Software Component Link
    CVE-2021-38645 URL Logo msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38645
    CVE-2021-38647 URL Logo msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647
    CVE-2021-38648 URL Logo msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38648
    CVE-2021-38649 URL Logo msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38649