Class AttackComplexity (1.19.0)

Stay organized with collections Save and categorize content based on your preferences.

This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.

Values: ATTACK_COMPLEXITY_UNSPECIFIED (0): Invalid value. ATTACK_COMPLEXITY_LOW (1): Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component. ATTACK_COMPLEXITY_HIGH (2): A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected.