Skip to content

Availability Impact to the Vulnerable System

Availability Impact to the Vulnerable System (cvss:VA:3.0.0)

This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.

Value Definition
None (N) There is no impact to availability within the Vulnerable System.
Low (L) There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System.
High (H) There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed).
Availability Impact to the Vulnerable System (cvss:VA:3.0.0) JSON Example
{
  "name": "Availability Impact to the Vulnerable System",
  "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.",
  "namespace": "cvss",
  "version": "3.0.0",
  "schemaVersion": "1-0-1",
  "key": "VA",
  "values": [
    {
      "key": "N",
      "name": "None",
      "description": "There is no impact to availability within the Vulnerable System."
    },
    {
      "key": "L",
      "name": "Low",
      "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System."
    },
    {
      "key": "H",
      "name": "High",
      "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)."
    }
  ]
}

Previous Versions

Following are the previous versions of the decision point:

Availability Impact (cvss:A:1.0.0)

This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.

Value Definition
None (N) No impact on availability.
Partial (P) Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete.
Complete (C) Total shutdown of the affected resource. The attacker can render the resource completely unavailable.
Availability Impact (cvss:A:1.0.0) JSON Example
{
  "name": "Availability Impact",
  "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.",
  "namespace": "cvss",
  "version": "1.0.0",
  "schemaVersion": "1-0-1",
  "key": "A",
  "values": [
    {
      "key": "N",
      "name": "None",
      "description": "No impact on availability."
    },
    {
      "key": "P",
      "name": "Partial",
      "description": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete."
    },
    {
      "key": "C",
      "name": "Complete",
      "description": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable."
    }
  ]
}

Availability Impact (cvss:A:2.0.0)

This metric measures the impact to availability of a successfully exploited vulnerability.

Value Definition
None (N) There is no impact to the availability of the system.
Low (L) There is reduced performance or interruptions in resource availability.
High (H) There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed).
Availability Impact (cvss:A:2.0.0) JSON Example
{
  "name": "Availability Impact",
  "description": "This metric measures the impact to availability of a successfully exploited vulnerability.",
  "namespace": "cvss",
  "version": "2.0.0",
  "schemaVersion": "1-0-1",
  "key": "A",
  "values": [
    {
      "key": "N",
      "name": "None",
      "description": "There is no impact to the availability of the system."
    },
    {
      "key": "L",
      "name": "Low",
      "description": "There is reduced performance or interruptions in resource availability."
    },
    {
      "key": "H",
      "name": "High",
      "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)."
    }
  ]
}