Zoom VISS Configurator
HomeCalculatorSpecificationsVersions

v1.1.0

MetricKeyValueWeight
PLI - Platform ImpactedNAN/A0
T3rd Party Hosted/Tool/Library0.85
MMobile Application1
WBrowser App / API Endpoint1.1
DDesktop Application1.1
CUICustomer Infrastructure1.25
ZIZoom Infrastructure1.5
DOCDocumentation2
ICI - ConfidentialityNNone0
DNetwork/DNS Configuration0.1
HHardware Configuration0.125
CContainer Configuration0.175
OOS Configuration0.215
SSoftware Configuration0.25
PPKI/Secrets Configuration0.3
UUser Account Configuration0.35
ICRPERestricted PE0.65
ICRRCERestricted RCE0.69
ICUPEUnrestricted PE0.72
ICURCEUnrestricted RCE0.8
III - IntegrityNNone0
DNetwork/DNS Configuration0.125
HHardware Configuration0.25
CContainer Configuration0.325
OOS Configuration0.5
SSoftware Configuration0.625
PPKI/Secrets Configuration0.7
UUser Account Configuration0.75
RRCERestricted RCE0.8
RPERestricted PE0.8
UPEUnrestricted PE0.9
URCEUnrestricted RCE0.9
IAI - AvailabilityNNone0
SSSSingle Service on Single Container/VM/Machine0.062
SSMSingle Service on Multiple Containers/VMs/Machines0.124
SSAPGSingle Service on all Containers/VMs/Machines within a portion of a Geographic Area0.186
SSAEGSingle Service on all Containers/VMs/Machines within an entire Geographic Area0.248
SSAEISingle Service on all Containers/VMs/Machines within the entire Infrastructure0.31
MSSMultiple Services on Single Container/VM/Machine0.372
MSMMultiple Services on Multiple Containers/VMs/Machines0.434
MSAPGMultiple Services on all Containers/VMs/Machines within a portion of a Geographic Area0.496
MSAEGMultiple Services on all Containers/VMs/Machines within an entire Geographic Area0.558
MSAEIMultiple Services on all Containers/VMs/Machines within the entire Infrastructure0.62
ASSAll Services on Single Container/VM/Machine0.682
ASMAll Services on Multiple Containers/VMs/Machines0.744
ASAPGAll Services on all Containers/VMs/Machines within a portion of a Geographic Area0.806
ASAEGAll Services on all Containers/VMs/Machines within an entire Geographic Area0.868
ASAEIAll Services on all Containers/VMs/Machines within the entire Infrastructure0.93
ITN - InfrastructureNAN/A0
SSingle0.374
MMulti0.812
STN - SoftwareNAN/A0
SSingle0.374
MMulti0.812
DTN - DatabaseNAN/A0
SSingle0.374
MMulti0.812
TIM - Tenants ImpactedNNone0
DDev Only0.7
OOne1
MMany1.3
AAll1.5
DCI - ConfidentialityNNone0
SUAffects Data of a Single Victim in a Single Organization per attack0.275
SUSTOAllows Session Takeover of a Single Victim in a Single Organization per attack0.375
MUAffects Data of Multiple Victims within a Single Organization per attack0.492
SUATOAllows Account Takeover of a Single Victim per attack0.5
SOAffects the Data of one entire Organization, impacting all users0.604
CODOAttacker authenticated to Org A can affect data in Org B (Cross Org).0.66
MUSTOAllows Session Takeover of Multiple Victims within a Single Organization with a single attack0.75
MUATOAllows Account Takeover of Multiple Victims within a Single Organization with a single attack0.85
MOAffects the Data of multiple Organizations, impacting all users within all Orgs involved0.9
AOAffects the Data of All Organizations, impacting all users1
DII - IntegrityNNone0
SUDOAffects Data of a Single Victim in a Single Organization per attack0.275
SUSTOAllows Session Takeover of a Single Victim in a Single Organization per attack0.45
MUDOAffects Data of Multiple Victims within a Single Organization per attack0.492
SUATOAllows Account Takeover of a Single Victim per attack0.5
SOAffects the Data of one entire Organization, impacting all users0.604
AOAttacker authenticated to Org A can affect data in Org B (Cross Org).0.66
MUSTOAllows Session Takeover of Multiple Victims within a Single Organization with a single attack0.75
MUATOAllows Account Takeover of Multiple Victims within a Single Organization with a single attack0.85
MOAffects the Data of multiple Organizations, impacting all users within all Orgs involved0.9
AODOAffects the Data of All Organizations, impacting all users1
DAI - AvailabilityNNone0
SUAffects Data of a Single Victim in a Single Organization per attack0.275
MUAffects Data of Multiple Victims within a Single Organization per attack0.492
SOAffects the Data of one entire Organization, impacting all users0.604
MOAffects the Data of multiple Organizations, impacting all users within all Orgs involved0.66
AOAffects the Data of All Organizations, impacting all users0.9
DCL - Data ClassificationNNone0
CPUBCustomer - Public0.1
PZoom Public0.1
TTest Data Only0.5
CCFGCustomer - Org Configuration1.1
IZoom Internal1.3
SZoom Confidential1.5
RZoom Restricted1.7
CCustomer - Confidential/Personal Data/PII2
CIRCustomer - Irreplaceable2
CCONCustomer - Restricted Content/Secrets3.5
UCI - Compensating ControlsPInternal Control - Prevents Impact0.65
EREKExploit Requires Entropic Key0.7
ERUIExploit Requires Victim Interaction0.8
LInternal Control - Limits Impact0.8
NAN/A1