Scope
Scope (cvss:S:1.0.0)
the ability for a vulnerability in one software component to impact resources beyond its means, or privileges
| Value | Definition |
|---|---|
| Unchanged (U) | An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same. |
| Changed (C) | An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different. |
Scope (cvss:S:1.0.0) JSON Example
{
"name": "Scope",
"description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges",
"namespace": "cvss",
"version": "1.0.0",
"schemaVersion": "1-0-1",
"key": "S",
"values": [
{
"key": "U",
"name": "Unchanged",
"description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same."
},
{
"key": "C",
"name": "Changed",
"description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different."
}
]
}