Availability Impact to the Vulnerable System
Availability Impact to the Vulnerable System v3.0.0
This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.
| Value | Definition |
|---|---|
| None | There is no impact to availability within the Vulnerable System. |
| Low | There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System. |
| High | There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed). |
Availability Impact to the Vulnerable System v3.0.0 JSON Example
{
"namespace": "cvss",
"version": "3.0.0",
"schemaVersion": "1-0-1",
"key": "VA",
"name": "Availability Impact to the Vulnerable System",
"description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.",
"values": [
{
"key": "N",
"name": "None",
"description": "There is no impact to availability within the Vulnerable System."
},
{
"key": "L",
"name": "Low",
"description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System."
},
{
"key": "H",
"name": "High",
"description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)."
}
]
}
Previous Versions
Following are the previous versions of the decision point:
Availability Impact v1.0.0
This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.
| Value | Definition |
|---|---|
| None | No impact on availability. |
| Partial | Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete. |
| Complete | Total shutdown of the affected resource. The attacker can render the resource completely unavailable. |
Availability Impact v1.0.0 JSON Example
{
"namespace": "cvss",
"version": "1.0.0",
"schemaVersion": "1-0-1",
"key": "A",
"name": "Availability Impact",
"description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.",
"values": [
{
"key": "N",
"name": "None",
"description": "No impact on availability."
},
{
"key": "P",
"name": "Partial",
"description": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete."
},
{
"key": "C",
"name": "Complete",
"description": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable."
}
]
}
Availability Impact v2.0.0
This metric measures the impact to availability of a successfully exploited vulnerability.
| Value | Definition |
|---|---|
| None | There is no impact to the availability of the system. |
| Low | There is reduced performance or interruptions in resource availability. |
| High | There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed). |
Availability Impact v2.0.0 JSON Example
{
"namespace": "cvss",
"version": "2.0.0",
"schemaVersion": "1-0-1",
"key": "A",
"name": "Availability Impact",
"description": "This metric measures the impact to availability of a successfully exploited vulnerability.",
"values": [
{
"key": "N",
"name": "None",
"description": "There is no impact to the availability of the system."
},
{
"key": "L",
"name": "Low",
"description": "There is reduced performance or interruptions in resource availability."
},
{
"key": "H",
"name": "High",
"description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)."
}
]
}