{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c509c526-84c3-5889-828d-e928f72f0ef1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2", "type": "library", "group": "org.apache.cxf.karaf", "name": "apache-cxf", "version": "3.5.11-tuxcare.2", "purl": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8bdedd3a-4728-54a2-a9bc-10b2ff8f4ece", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a74059e2-bf54-57f6-9afc-62e9fb9aafed", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:513aade4-8e9d-5ccc-9778-1ac3e2fbc933", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ffa4a13-f85c-56d9-9b05-a5f21b5cf82c", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95d92d33-579d-53b3-ad6f-2a9130ed3d98", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e0caaf3-a40a-5e95-aa07-7b792a975ae1", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:360c1b7c-bb97-5b76-b2f5-d9168e05c50b", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f32fbf31-8c05-52ad-8bcd-0ee7a99f3318", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:80bfc97b-a6aa-5d4d-8786-6b127a2dd609", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2eeeda5f-b4ab-5eae-a88b-ed47cba7b244", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c32e7209-c97a-50c0-b686-e0e1ada3e125", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ee02009-605c-5a5b-a206-676a84870a93", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12904b4c-9b5b-576e-b0af-f9c2e22f6711", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:642078b8-7ca4-5dbd-a707-9f070614ba7f", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c6ba04c-66a5-5123-b7e5-efe189b96ee7", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3b9ebde-7cf6-5c82-a9a0-ae514e021a75", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:084d4d70-764f-593e-b068-49f06e78a92b", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30ab63ac-41ca-5870-8151-73d62f9f07a2", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dffcab97-6e1c-5835-b216-f57f10b1197a", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5501b582-e7ce-516f-9943-4365a5a3b8da", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb52757f-1059-5f23-be00-4216c4f599a4", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:098f7918-9f22-583e-ade0-1ff012095700", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3b0d058-f300-5bdb-95c3-c8fa73cf30f1", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03a7360d-532a-5139-8ce7-dc512672cd95", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f40f8a12-ab56-5a62-816d-ccb4eaed76fa", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30ac5ffb-3a03-5bfc-90c2-b2f84bbe4102", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.karaf:apache-cxf 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1042ec1f-46ba-5fd6-b765-9c5ff62698e5", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c033d53-637a-5560-a35d-928cfb1036df", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf.karaf:apache-cxf 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2bffc2ad-734d-52d5-858a-fc835091e655", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52bd490f-e0eb-5366-b1f9-4a798c490032", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.karaf:apache-cxf 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10baa6cf-0589-589f-8d24-f93766131805", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ca8d765-8426-599f-901e-902d4a168be4", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.2" } ] }