Exploitation section of the CVSS is made up of which of the following?

Exploitation in CVSS refers to the Exploitability metrics, which are defined by three factors that describe how easy it is to exploit a vulnerability. These are Access Vector, which tells where the attacker must access the system (local, adjacent network, or network); Access Complexity, which indicates how difficult the exploit is to perform (low vs high complexity); and Authentication, which shows whether the attacker must authenticate or can exploit without authentication. Each of these aspects contributes to the overall Exploitability sub-score, and together they determine how readily a vulnerability can be exploited. (Note: CVSS versions differ—in CVSS v3 the metrics shift, but in the common v2 scheme these three are the exploitation components.)