Confidentiality Requirement
Confidentiality Requirement (cvss:CR:1.1.1)
This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.
| Value | Definition |
|---|---|
| Low (L) | Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| Medium (M) | Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| High (H) | Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| Not Defined (X) | This metric value is not defined. See CVSS documentation for details. |
Confidentiality Requirement (cvss:CR:1.1.1) JSON Example
{
"namespace": "cvss",
"key": "CR",
"version": "1.1.1",
"name": "Confidentiality Requirement",
"description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.",
"schemaVersion": "2.0.0",
"values": [
{
"key": "L",
"name": "Low",
"description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "M",
"name": "Medium",
"description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "H",
"name": "High",
"description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "X",
"name": "Not Defined",
"description": "This metric value is not defined. See CVSS documentation for details."
}
]
}
Previous Versions
Following are the previous versions of the decision point:
Confidentiality Requirement (cvss:CR:1.0.0)
This metric measures the impact to the confidentiality of a successfully exploited vulnerability.
| Value | Definition |
|---|---|
| Low (L) | Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| Medium (M) | Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| High (H) | Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| Not Defined (ND) | This metric value is not defined. See CVSS documentation for details. |
Confidentiality Requirement (cvss:CR:1.0.0) JSON Example
{
"namespace": "cvss",
"key": "CR",
"version": "1.0.0",
"name": "Confidentiality Requirement",
"description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.",
"schemaVersion": "2.0.0",
"values": [
{
"key": "L",
"name": "Low",
"description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "M",
"name": "Medium",
"description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "H",
"name": "High",
"description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "ND",
"name": "Not Defined",
"description": "This metric value is not defined. See CVSS documentation for details."
}
]
}
Confidentiality Requirement (cvss:CR:1.1.0)
This metric measures the impact to the confidentiality of a successfully exploited vulnerability.
| Value | Definition |
|---|---|
| Low (L) | Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| Medium (M) | Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| High (H) | Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). |
| Not Defined (X) | This metric value is not defined. See CVSS documentation for details. |
Confidentiality Requirement (cvss:CR:1.1.0) JSON Example
{
"namespace": "cvss",
"key": "CR",
"version": "1.1.0",
"name": "Confidentiality Requirement",
"description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.",
"schemaVersion": "2.0.0",
"values": [
{
"key": "L",
"name": "Low",
"description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "M",
"name": "Medium",
"description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "H",
"name": "High",
"description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."
},
{
"key": "X",
"name": "Not Defined",
"description": "This metric value is not defined. See CVSS documentation for details."
}
]
}