En la actualidad, en el ámbito de la seguridad informática se presentan vulnerabilidades que afectan los activos o controles implementados y que pueden ser explotadas por amenazas externas o internas, lo cual configura un riesgo de seguridad que expone a las organizaciones en su activo más importante, la información. En el presente documento, se realiza una descripción detallada del CVSS (Common Vulnerability Score System) como estándar abierto y de uso libre para estimar el impacto generado por la presencia de vulnerabilidades en un sistema informático, cuantificando su severidad y permitiendo la toma de decisiones por parte de la organización, para el tratamiento del riesgo a un nivel aceptable.

Introduction: This article is a product of the review of the "Vulnerability of information, on the Internet of Things", developed from the Juan de Castellanos University Foundation in 2021. Methods: Review of articles and relevant literature on the exposure of information and some vulnerabilities in devices that are part of the Internet of Things (IoT). Results: Information, as one of the most valuable assets, is essential, which is why it is important to have technology, devices that are part of the IoT, despite vulnerabilities. Conclusions: Keeping information secure has become a challenge, because it is one of the most important assets of any organization. Its manipulation requires many actors and involves many factors, making it is difficult to control and protect. The constant emergence of technology and their applications in various fields, along with their relative ease of use and smaller sizes, have made significant inroads possible; we must accept that they are a part of the IoT. Originality: In the bibliographic review of the information, which results from the use of technology, how the IoT is vulnerable and even more so when it is configured with the Internet. Limitation: Technology is becoming more and more dependent on it, despite the vulnerabilities of IoT devices and the Internet.