Attack Vector (AV)
Network
Adjacent
Local
Physical
Attack Complexity (AC)
Low
High
Privileges Required (PR)
None
Low
High
User Interaction (UI)
None
Required
Scope (S)
Unchanged
Changed
Confidentiality (C)
None
Low
High
Integrity (I)
None
Low
High
Availability (A)
None
Low
High
CVSS:3.1/
AV:N
/
AC:L
/
PR:N
/
UI:N
/
S:U
/
C:N
/
I:N
/
A:N
Financial Damager (FD)
Less than the cost fixing vulnerability (1)
Minor effect on annual profit (3)
Significant effect on annual profit (7)
Bankruptcy (10)
Reputation Damage (RD)
Minimal damage (1)
Loss of major accounts (4)
Loss of goodwill (5)
Brand damage (10)
Non-Compliance (NC)
Minor violation (2)
Clear violation (6)
High profile violation (10)
Privacy Violation (PV)
One individual (3)
Hundreds of people (5)
Thousands of people (7)
Hundreds of thousands of people (10)
BIS-IMP:1.0/
FD:L
/
RD:M
/
NC:M
/
PV:O
Result:
Copy