reflects the complexity of the attack required to exploit the software feature misuse vulnerability.
Sources:
NISTIR 7864
a means to convey the level of difficulty required for an attacker to exploit a vulnerability once the target system is identified.
Sources:
NISTIR 7946