CVE-2015-2471

medium

Microsoft

CVSS v3 Base Score

4.3

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Score

31.5%

Exploitation probability in 30 days

Top 3% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

None

Availability

None

Published: August 15, 2015 (3926 days ago)

Last Modified: May 6, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434.

CWE

CWE-310

Affected Products

microsoft xml core services

References

🔗 www.securitytracker.com 🔗 docs.microsoft.com 🔗 www.securitytracker.com 🔗 docs.microsoft.com

CVE-2015-2471

Vulnerability Report

Description

CWE

Affected Products

References