Class PrivilegesRequired (1.17.2)


This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.

Values: PRIVILEGES_REQUIRED_UNSPECIFIED (0): Invalid value. PRIVILEGES_REQUIRED_NONE (1): The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack. PRIVILEGES_REQUIRED_LOW (2): The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources. PRIVILEGES_REQUIRED_HIGH (3): The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files.