Threat: "A potential violation of security" - ISO 7498-2

Impact: Consequences for an organization or environment when an attack is realized, or weakness is present.

Attack: A well-defined set of actions that, if successful, would result in either damage to an asset, or undesirable operation.

Vulnerability: "An occurrence of a weakness (or multiple weaknesses) within software, in which the weakness can be used by a party to cause the software to modify or access unintended data, interrupt proper execution, or perform incorrect actions that were not specifically granted to the party who uses the weakness." - CWE (http://cwe.mitre.org/documents/glossary/index.html#Vulnerability)

Weakness: "A type of mistake in software that, in proper conditions, could contribute to the introduction of vulnerabilities within that software. This term applies to mistakes regardless of whether they occur in implementation, design, or other phases of the SDLC." - CWE (http://cwe.mitre.org/documents/glossary/index.html#Weakness)