How severe is CVE-2021-4189?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2021-4189?

This is classified as CWE-252, which is a common weakness in software security.

CVE-2021-4189 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Related Vulnerabilities

CVE-2018-14622

MEDIUM

CVSS:5.3(Medium)

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server...

CWE-2522018

CVE-2019-15523

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this func...

CWE-2522019

CVE-2020-4531

MEDIUM

CVSS:5.3(Medium)

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error m...

CWE-2522020

CVE-2021-41041

MEDIUM

CVSS:5.3(Medium)

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified ...

CWE-2522021

CVE-2021-42780

MEDIUM

CVSS:5.3(Medium)

A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.

CWE-2522021

CVE-2022-46897

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpec...

CWE-2522022