Integrity Impact to the Vulnerable System
Integrity Impact to the Vulnerable System v3.0.0
This metric measures the impact to integrity of a successfully exploited vulnerability.
| Value | Definition |
|---|---|
| None | There is no loss of integrity within the Vulnerable System. |
| Low | Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System. |
| High | There is a total loss of integrity, or a complete loss of protection. |
Integrity Impact to the Vulnerable System v3.0.0 JSON Example
{
"namespace": "cvss",
"version": "3.0.0",
"schemaVersion": "1-0-1",
"key": "VI",
"name": "Integrity Impact to the Vulnerable System",
"description": "This metric measures the impact to integrity of a successfully exploited vulnerability.",
"values": [
{
"key": "N",
"name": "None",
"description": "There is no loss of integrity within the Vulnerable System."
},
{
"key": "L",
"name": "Low",
"description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System."
},
{
"key": "H",
"name": "High",
"description": "There is a total loss of integrity, or a complete loss of protection."
}
]
}
Previous Versions
Following are the previous versions of the decision point:
Integrity Impact v1.0.0
This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.
| Value | Definition |
|---|---|
| None | No impact on integrity. |
| Partial | Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope. |
| Complete | A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files. |
Integrity Impact v1.0.0 JSON Example
{
"namespace": "cvss",
"version": "1.0.0",
"schemaVersion": "1-0-1",
"key": "I",
"name": "Integrity Impact",
"description": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.",
"values": [
{
"key": "N",
"name": "None",
"description": "No impact on integrity."
},
{
"key": "P",
"name": "Partial",
"description": "Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope."
},
{
"key": "C",
"name": "Complete",
"description": "A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files."
}
]
}
Integrity Impact v2.0.0
This metric measures the impact to integrity of a successfully exploited vulnerability.
| Value | Definition |
|---|---|
| None | There is no impact to the integrity of the system. |
| Low | Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component. |
| High | There is a total loss of integrity, or a complete loss of protection. |
Integrity Impact v2.0.0 JSON Example
{
"namespace": "cvss",
"version": "2.0.0",
"schemaVersion": "1-0-1",
"key": "I",
"name": "Integrity Impact",
"description": "This metric measures the impact to integrity of a successfully exploited vulnerability.",
"values": [
{
"key": "N",
"name": "None",
"description": "There is no impact to the integrity of the system."
},
{
"key": "L",
"name": "Low",
"description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component."
},
{
"key": "H",
"name": "High",
"description": "There is a total loss of integrity, or a complete loss of protection."
}
]
}