Skip to content

Scope

Scope (cvss:S:1.0.0)

the ability for a vulnerability in one software component to impact resources beyond its means, or privileges

Value Definition
Unchanged (U) An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same.
Changed (C) An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different.
Scope (cvss:S:1.0.0) JSON Example
{
  "name": "Scope",
  "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges",
  "namespace": "cvss",
  "version": "1.0.0",
  "schemaVersion": "1-0-1",
  "key": "S",
  "values": [
    {
      "key": "U",
      "name": "Unchanged",
      "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same."
    },
    {
      "key": "C",
      "name": "Changed",
      "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different."
    }
  ]
}