Severity: Attack Complexity - Medium

> The access conditions are somewhat specialized; the following are examples: > - The attacking party is limited to a group of systems or users at some level > of authorization, possibly untrusted. > - Some information must be gathered before a successful attack can be > launched. > - The affected configuration is non-default, and is not commonly configured > (e.g., a vulnerability present when a server performs user account > authentication via a specific scheme, but not present for another > authentication scheme). > - The attack requires a small amount of social engineering that might > occasionally fool cautious users (e.g., phishing attacks that modify a web > browsers status bar to show a false link, having to be on someones buddy > list before sending an IM exploit). Quote from the CVSS specification. Vulnerabilities with this tag were given a CVSS rating as part of the requirement to be included into the [National Vulnerability Database](https://nvd.nist.gov/). You can learn more about what the individual scores mean in the [CVSS specification document](https://www.first.org/cvss/specification-document).