> An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different.
Quote from the CVSS specification
Vulnerabilities with this tag were given a CVSS rating as part of the
requirement to be included into the [National Vulnerability
Database](https://nvd.nist.gov/). You can learn more about what the individual
scores mean in the [CVSS specification
document](https://www.first.org/cvss/specification-document).
The Vulnerability History Project