If a vulnerability affects confidentiality and integrity but not availability, which ratings would appropriately represent this?
Understand the Problem
The question is asking which rating corresponds to a vulnerability that impacts confidentiality and integrity but not availability. The options provided suggest different levels of ratings for confidentiality (C), integrity (I), and availability (A), and we need to determine the most appropriate one based on the given conditions.
Answer
Partial or complete impact to confidentiality and integrity, no impact to availability.
Appropriate ratings would be partial or complete impact to confidentiality and integrity, with no impact to availability.
Answer for screen readers
Appropriate ratings would be partial or complete impact to confidentiality and integrity, with no impact to availability.
More Information
The Common Vulnerability Scoring System (CVSS) provides a standardized way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. Each component of the CIA triad (Confidentiality, Integrity, Availability) can be rated individually to reflect the impact of a vulnerability.
Tips
A common mistake is to overlook the requirement to set 'no impact' for availability when scoring vulnerabilities that do not affect it.
Sources
- CVSS v2 Complete Documentation - FIRST.Org - first.org
- Understanding CVSS Base Scores - Balbix - balbix.com
AI-generated content may contain errors. Please verify critical information
