> An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same.
Quote from the CVSS specification
Vulnerabilities with this tag were given a CVSS rating as part of the
requirement to be included into the [National Vulnerability
Database](https://nvd.nist.gov/). You can learn more about what the individual
scores mean in the [CVSS specification