During a quarterly vulnerability assessment, a security analyst reviews a scan report that flags a flaw in a patient-records web application with the following CVSS v3.1 vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
The IT director asks which aspect of the organization's security triad would be most affected if an attacker exploited this vulnerability, because it would allow unauthorized parties to view Social Security numbers, prescription histories, and other sensitive data. Which impact category best describes this risk?
In the CVSS vector, the component "C:H" denotes a high Confidentiality impact, meaning a successful exploit could disclose sensitive information to unauthorized parties. The Integrity impact is low (I:L), indicating limited potential for data alteration, and the Availability impact is none (A:N), so service disruption is not the main concern. Therefore, the foremost risk is to confidentiality, not integrity or availability.