The attacker requires privileges that provide significant (e.g.,
administrative) control over the vulnerable component allowing access to
component-wide settings and files.
The attacker requires privileges that provide basic user capabilities
that could normally affect only settings and files owned by a user.
Alternatively, an attacker with Low privileges has the ability to access
only non-sensitive resources.
The attacker is unauthorized prior to attack, and therefore does not
require any access to settings or files of the vulnerable system to
carry out an attack.