Class PrivilegesRequired (1.15.0)

Stay organized with collections Save and categorize content based on your preferences.

This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.

Values: PRIVILEGES_REQUIRED_UNSPECIFIED (0): Invalid value. PRIVILEGES_REQUIRED_NONE (1): The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack. PRIVILEGES_REQUIRED_LOW (2): The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources. PRIVILEGES_REQUIRED_HIGH (3): The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files.