Explanation & Hint:
The scope metric is part of the Base metric group in CVSS (Common Vulnerability Scoring System) version 3.0. The Base metric group captures the intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments.
CVSS v3.0 has three main metric groups:
- Base Metrics: These provide an assessment of the intrinsic qualities of a vulnerability that are constant over time and across user environments. The Base metric group includes metrics like Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, and Impact (which is further divided into Confidentiality, Integrity, and Availability).
- Temporal Metrics: These metrics change over time but are not dependent on a particular user’s environment. They include Exploit Code Maturity, Remediation Level, and Report Confidence.
- Environmental Metrics: These metrics are customized to reflect the importance of the vulnerable component to the user’s organization, and they can change based on different user environments. They include Security Requirements (Confidentiality, Integrity, Availability), Modified Attack Vector, Modified Attack Complexity, Modified Privileges Required, Modified User Interaction, Modified Scope, and Modified Impact.
“Maturity” is not one of the standard metric groups in the CVSS v3.0 framework.
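The grouping above can be checked against a CVSS v3.0 vector string. The following is an added example, not part of the original explanation: it sorts each metric in a vector into its group and computes the Base score, showing how the Scope metric alone changes the result. The weights and equations are those of the CVSS v3.0 specification; the function names are chosen here for illustration.

```python
import math

# CVSS v3.0 metric abbreviations by group, as used in vector strings.
GROUPS = {
    "Base": ["AV", "AC", "PR", "UI", "S", "C", "I", "A"],
    "Temporal": ["E", "RL", "RC"],
    "Environmental": ["CR", "IR", "AR", "MAV", "MAC", "MPR", "MUI", "MS", "MC", "MI", "MA"],
}
W = {  # numeric weights from the CVSS v3.0 specification
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
    "AC": {"L": 0.77, "H": 0.44},
    "UI": {"N": 0.85, "R": 0.62},
    "CIA": {"H": 0.56, "L": 0.22, "N": 0.0},
}
# Privileges Required is weighted differently when Scope is Changed.
PR = {"U": {"N": 0.85, "L": 0.62, "H": 0.27}, "C": {"N": 0.85, "L": 0.68, "H": 0.5}}

def parse(vector):
    """Split a vector string into {group: {metric: value}}."""
    prefix, *pairs = vector.split("/")
    if prefix != "CVSS:3.0":
        raise ValueError("not a CVSS v3.0 vector")
    out = {g: {} for g in GROUPS}
    for pair in pairs:
        name, _, value = pair.partition(":")
        group = next((g for g, names in GROUPS.items() if name in names), None)
        if group is None:
            raise ValueError(f"{name!r} is not a CVSS v3.0 metric")
        out[group][name] = value
    missing = [m for m in GROUPS["Base"] if m not in out["Base"]]
    if missing:
        raise ValueError(f"missing Base metrics: {missing}")
    return out

def roundup(x):
    """Round up to one decimal, using integers to avoid float artifacts."""
    i = round(x * 100000)
    return i / 100000 if i % 10000 == 0 else (i // 10000 + 1) / 10

def base_score(vector):
    b = parse(vector)["Base"]
    changed = b["S"] == "C"
    iss = 1 - math.prod(1 - W["CIA"][b[k]] for k in "CIA")
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    expl = 8.22 * W["AV"][b["AV"]] * W["AC"][b["AC"]] * PR[b["S"]][b["PR"]] * W["UI"][b["UI"]]
    if impact <= 0:
        return 0.0
    return roundup(min((1.08 if changed else 1) * (impact + expl), 10))
```

For the constructed vector `CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`, `base_score` returns 8.8; changing only `S:U` to `S:C` raises it to 9.9.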