You have discovered a vulnerability to your web service that if leveraged would cause data to be changed in the attack.
Which CVSS metric will increase if this attack is realized?
The integrity metric increases when data is changed in the attack.
When a service is rendered unable to do its job as in this case, its availability has been decreased resulting in an increase in the availability metric. The confidentiality metric increases when there is a data disclosure or breach.
Attack vector describe the nature of the vulnerability. The new version of CVSS (3.0) set the possible values for the confidentiality, integrity and availability metrics to none, low, and high. These are explained below for integrity:
The complexity metric is a measure of the difficulty of succeeding in the attack. Low and high are values for attack complexity, which has replaced access complexity in version 3.0, and measures the difficulty of the attack. It has two possible values:
Low (L) – the attacker can perform the attack at will
High (H) – the attack depends on conditions beyond the control of the attacker