CVE-2015-2471

CWE-3103 documents3 sources
Severity
4.3MEDIUM
EPSS
31.5%
top 3.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft XML Core Services
Timeline
PublishedAug 15
Latest updateMay 14

Description

Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/xml_core_services3.0, 5.0, 6.0+2

🔴Vulnerability Details

2
GHSA
GHSA-v4cc-vhfx-2cx7: Microsoft XML Core Services 32022-05-14
CVEList
CVE-2015-2471: Microsoft XML Core Services 32015-08-15
CVE-2015-2471 (MEDIUM CVSS 4.3) | Microsoft XML Core Services 3.0 | cvebase.io