I have drawn an attack graph for a file-sharing application (eg. Dropbox) where a database stores details of virtual machines Eg. memory space left, etc. I've listed some possible attacks:
- The attacker can reduce the memory size assigned by some amount (eg. if I'm assigned with 2Gb of memory, the attacker can reduce it to 1Gb by manipulating the database records)
- The attacker can reduce the memory size assigned to zero (eg. as in previous case, but there is no memory space left and so I can't upload any files)
- The attacker can make repeated attacks and reduce the memory size (eg. as in point 1. where memory size was reduced to 1Gb. The same thing is repeated and memory size is reduced to 0.5Gb)
- The attacker can hack a link between the downloader and the file location and get the file
I need to calculate CVSS. How do I match the attacks I've listed to those in CVE?