Vulnerability
A vulnerability is a defect or flaw in an asset that could be used to obtain unauthorized access to it. Successful exploitation of a vulnerability may result in data manipulation, code execution, etc.
Threat
A threat is a potential danger to a computer system. It describes something that a company doesn’t want to happen. The successful exploitation of a vulnerability is a threat. A threat may also be a malicious attacker who is attempting to obtain unauthorized access to an asset.
Exploit
An exploit is something that takes advantage of a vulnerability in an asset to cause unintended or unexpected behavior in the target system, which would enable an attacker to get access to data or information.
Risk
A risk is the impact or damage resulting from the successful compromise of an asset. For instance, a vulnerable Apache Tomcat server run by a company poses a threat to the organization, and the damage or loss caused to the asset is defined as the risk. Risk also refers to the likelihood of being targeted by a given attack.
Usually, a risk can be calculated by using the following equation:
Risk = Threat * Vulnerabilities * Impact