← back
CVE-2021-38649

Open Management Infrastructure Elevation of Privilege Vulnerability

CVSS 7 HIGHEPSS 2.0%● KEV
Vexday Risk Score
51Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7EPSS 2.0%KEV simPoC Nuclei Metasploit Patch
Lifecycle
15 Sep 2021Published on NVD
03 Nov 2021Active exploitation (CISA KEV)
Weaponization speed
49 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Open Management Infrastructure allows a local attacker to gain higher privileges on a system. An attacker with basic user access could escalate to administrator-level permissions.

Technical detail

The vulnerability exists in Open Management Infrastructure's privilege escalation mechanism, exploitable by local authenticated users. The attack leverages insufficient access control checks to elevate privileges from standard user to administrative level, requiring prior local system access.

Summary generated and translated by AI from the official description.
Open Management Infrastructure Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C