What is the CVSS score of CVE-2021-47865?

CVE-2021-47865 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Suse are affected by CVE-2021-47865?

Organizations using ProFTPD 1.3.7a face notable risk from CVE-2021-47865 rated CVSS 7.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2021-47865?

Yes, a public proof-of-concept exploit is available for CVE-2021-47865. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2021-47865?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Suse CVE-2021-47865

HIGH

Allocation of Resources Without Limits or Throttling (CWE-770)

2026-01-21 disclosure@vulncheck.com

Denial Of Service Suse

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SUSE

HIGH

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 26, 2026 - 15:04 vuln.today

Public exploit code

CVE Published

Jan 21, 2026 - 18:16 nvd

HIGH 7.5

DescriptionCVE.org

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.

AnalysisAI

Technical ContextAI

This vulnerability (CWE-770: Allocation of Resources Without Limits or Throttling) ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.

Affected ProductsAI

ProFTPD 1.3.7a contains a denial of service vulnerability that

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Vendor StatusVendor

SUSE

Severity: High

Product	Status
SUSE Linux Enterprise High Performance Computing 15 SP7	Fixed
SUSE Linux Enterprise Module for Server Applications 15 SP7	Fixed
SUSE Linux Enterprise Server 15 SP7	Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7	Fixed
openSUSE Leap 15.6	Fixed

CVE-2021-47865 vulnerability details – vuln.today

Back

SUSE Linux Enterprise Module for Server Applications 15 SP6	Fixed
SUSE Linux Enterprise Server 15 SP6	Fixed
SUSE Linux Enterprise Server 15 SP6-LTSS	Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP6	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP6	Fixed

Suse CVE-2021-47865

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code