v0.07 - Active
Metric | Key | Value | Weight |
---|---|---|---|
ITN - Infrastructure | NA | N/A | 0 |
ITN - Infrastructure | S | Single | 0.374 |
ITN - Infrastructure | M | Multi | 0.812 |
STN - Software | NA | N/A | 0 |
STN - Software | S | Single | 0.374 |
STN - Software | M | Multi | 0.812 |
DTN - Database | NA | N/A | 0 |
DTN - Database | S | Single | 0.374 |
DTN - Database | M | Multi | 0.812 |
TIM - Tenants Impacted | N | None | 0 |
TIM - Tenants Impacted | D | Dev Only | 0.7 |
TIM - Tenants Impacted | O | One | 1 |
TIM - Tenants Impacted | M | Many | 1.3 |
TIM - Tenants Impacted | A | All | 1.5 |
DCI - Confidentiality | N | None | 0 |
DCI - Confidentiality | SU | Affects Data of a Single Victim in a Single Organization per attack | 0.275 |
DCI - Confidentiality | SUSTO | Allows Session Takeover of a Single Victim in a Single Organization per attack | 0.375 |
DCI - Confidentiality | MU | Affects Data of Multiple Victims within a Single Organization per attack | 0.492 |
DCI - Confidentiality | SUATO | Allows Account Takeover of a Single Victim per attack | 0.5 |
DCI - Confidentiality | SO | Affects the Data of one entire Organization, impacting all users | 0.604 |
DCI - Confidentiality | CODO | Attacker authenticated to Org A can affect data in Org B (Cross Org). | 0.66 |
DCI - Confidentiality | MUSTO | Allows Session Takeover of Multiple Victims within a Single Organization with a single attack | 0.75 |
DCI - Confidentiality | MUATO | Allows Account Takeover of Multiple Victims within a Single Organization with a single attack | 0.85 |
DCI - Confidentiality | MO | Affects the Data of multiple Organizations, impacting all users within all Orgs involved | 0.9 |
DCI - Confidentiality | AO | Affects the Data of All Organizations, impacting all users | 1 |
DII - Integrity | N | None | 0 |
DII - Integrity | SUDO | Affects Data of a Single Victim in a Single Organization per attack | 0.275 |
DII - Integrity | SUSTO | Allows Session Takeover of a Single Victim in a Single Organization per attack | 0.45 |
DII - Integrity | MUDO | Affects Data of Multiple Victims within a Single Organization per attack | 0.492 |
DII - Integrity | SUATO | Allows Account Takeover of a Single Victim per attack | 0.5 |
DII - Integrity | SO | Affects the Data of one entire Organization, impacting all users | 0.604 |
DII - Integrity | AO | Attacker authenticated to Org A can affect data in Org B (Cross Org). | 0.66 |
DII - Integrity | MUSTO | Allows Session Takeover of Multiple Victims within a Single Organization with a single attack | 0.75 |
DII - Integrity | MUATO | Allows Account Takeover of Multiple Victims within a Single Organization with a single attack | 0.85 |
DII - Integrity | MO | Affects the Data of multiple Organizations, impacting all users within all Orgs involved | 0.9 |
DII - Integrity | AODO | Affects the Data of All Organizations, impacting all users | 1 |
DAI - Availability | N | None | 0 |
DAI - Availability | SU | Affects Data of a Single Victim in a Single Organization per attack | 0.275 |
DAI - Availability | MU | Affects Data of Multiple Victims within a Single Organization per attack | 0.492 |
DAI - Availability | SO | Affects the Data of one entire Organization, impacting all users | 0.604 |
DAI - Availability | MO | Affects the Data of multiple Organizations, impacting all users within all Orgs involved | 0.66 |
DAI - Availability | AO | Affects the Data of All Organizations, impacting all users | 0.9 |
DCL - Data Classification | N | None | 0 |
DCL - Data Classification | P | Zoom Public | 0.1 |
DCL - Data Classification | CPUB | Customer - Public | 0.1 |
DCL - Data Classification | T | Test Data Only | 0.5 |
DCL - Data Classification | CCFG | Customer - Org Configuration | 1.1 |
DCL - Data Classification | I | Zoom Internal | 1.3 |
DCL - Data Classification | S | Zoom Confidential | 1.5 |
DCL - Data Classification | R | Zoom Restricted | 1.7 |
DCL - Data Classification | C | Customer - Confidential/Personal Data/PII | 2 |
DCL - Data Classification | CIR | Customer - Irreplaceable | 2 |
DCL - Data Classification | CCON | Customer - Restricted Content/Secrets | 3.5 |
UCI - Compensating Controls | P | Internal Control - Prevents Impact | 0.65 |
UCI - Compensating Controls | EREK | Exploit Requires Entropic Key | 0.7 |
UCI - Compensating Controls | ERUI | Exploit Requires Victim Interaction | 0.8 |
UCI - Compensating Controls | L | Internal Control - Limits Impact | 0.8 |
UCI - Compensating Controls | NA | N/A | 1 |
PLI - Platform Impacted | NA | N/A | 0 |
PLI - Platform Impacted | T | 3rd Party Hosted/Tool/Library | 0.85 |
PLI - Platform Impacted | M | Mobile Application | 1 |
PLI - Platform Impacted | W | Browser App / API Endpoint | 1.1 |
PLI - Platform Impacted | D | Desktop Application | 1.1 |
PLI - Platform Impacted | CUI | Customer Infrastructure | 1.25 |
PLI - Platform Impacted | ZI | Zoom Infrastructure | 1.5 |
PLI - Platform Impacted | DOC | Documentation | 2 |
ICI - Confidentiality | N | None | 0 |
ICI - Confidentiality | D | Network/DNS Configuration | 0.1 |
ICI - Confidentiality | H | Hardware Configuration | 0.125 |
ICI - Confidentiality | C | Container Configuration | 0.175 |
ICI - Confidentiality | O | OS Configuration | 0.215 |
ICI - Confidentiality | S | Software Configuration | 0.25 |
ICI - Confidentiality | P | PKI/Secrets Configuration | 0.3 |
ICI - Confidentiality | U | User Account Configuration | 0.35 |
ICI - Confidentiality | ICRPE | Restricted PE | 0.65 |
ICI - Confidentiality | ICRRCE | Restricted RCE | 0.69 |
ICI - Confidentiality | ICUPE | Unrestricted PE | 0.72 |
ICI - Confidentiality | ICURCE | Unrestricted RCE | 0.8 |
III - Integrity | N | None | 0 |
III - Integrity | D | Network/DNS Configuration | 0.125 |
III - Integrity | H | Hardware Configuration | 0.25 |
III - Integrity | C | Container Configuration | 0.325 |
III - Integrity | O | OS Configuration | 0.5 |
III - Integrity | S | Software Configuration | 0.625 |
III - Integrity | P | PKI/Secrets Configuration | 0.7 |
III - Integrity | U | User Account Configuration | 0.75 |
III - Integrity | RRCE | Restricted RCE | 0.8 |
III - Integrity | RPE | Restricted PE | 0.8 |
III - Integrity | UPE | Unrestricted PE | 0.9 |
III - Integrity | URCE | Unrestricted RCE | 0.9 |
IAI - Availability | N | None | 0 |
IAI - Availability | SSS | Single Service on Single Container/VM/Machine | 0.062 |
IAI - Availability | SSM | Single Service on Multiple Containers/VMs/Machines | 0.124 |
IAI - Availability | SSAPG | Single Service on all Containers/VMs/Machines within a portion of a Geographic Area | 0.186 |
IAI - Availability | SSAEG | Single Service on all Containers/VMs/Machines within an entire Geographic Area | 0.248 |
IAI - Availability | SSAEI | Single Service on all Containers/VMs/Machines within the entire Infrastructure | 0.31 |
IAI - Availability | MSS | Multiple Services on Single Container/VM/Machine | 0.372 |
IAI - Availability | MSM | Multiple Services on Multiple Containers/VMs/Machines | 0.434 |
IAI - Availability | MSAPG | Multiple Services on all Containers/VMs/Machines within a portion of a Geographic Area | 0.496 |
IAI - Availability | MSAEG | Multiple Services on all Containers/VMs/Machines within an entire Geographic Area | 0.558 |
IAI - Availability | MSAEI | Multiple Services on all Containers/VMs/Machines within the entire Infrastructure | 0.62 |
IAI - Availability | ASS | All Services on Single Container/VM/Machine | 0.682 |
IAI - Availability | ASM | All Services on Multiple Containers/VMs/Machines | 0.744 |
IAI - Availability | ASAPG | All Services on all Containers/VMs/Machines within a portion of a Geographic Area | 0.806 |
IAI - Availability | ASAEG | All Services on all Containers/VMs/Machines within an entire Geographic Area | 0.868 |
IAI - Availability | ASAEI | All Services on all Containers/VMs/Machines within the entire Infrastructure | 0.93 |