Which of the following CVSS scores measures the extent to which the information resource can be changed due to an attack?
- Attack vector
Integrity is the extent to which the information resource can be changed due to an attack.
Confidentiality is the secrecy of an information resource managed by a software component due to an exploited vulnerability.
Availability measures the extent to which availability is at risk due to an attack.
Attack vector describe the nature of the vulnerability. Version 3.0 of CVSS sets the possible values for the confidentiality, integrity, and availability metrics to none, low, and high. These are explained below for integrity: