{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b1538b76-1707-5775-b214-77e928401f61", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4", "type": "library", "group": "org.apache.cxf.karaf", "name": "apache-cxf", "version": "3.5.11-tuxcare.4", "purl": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:47ad836c-f056-5973-b7d5-3a704b028be9", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e0d27f3-4df9-529c-a3c6-3f079155b6e3", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c0aa5986-80aa-5912-b2f9-74bcbf76d61c", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6770af4a-44a2-559f-bfca-5a5a8d1876c2", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:18c14302-1728-5bad-923d-ec9bf8720d9e", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:639e404e-1d2e-5810-bb0b-2479ab4e877e", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1156bd84-252d-576e-b51d-d1c6a528d26e", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3cf9d26-e5ec-5a97-b0d0-189e771f7c45", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:56587d35-445f-5000-9ae9-baab327e0499", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c8c956a1-236b-5a8b-ae25-4f0ba7146813", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:73ae5103-c439-516b-a8b4-1cccacf2e0d8", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:27fe53d6-de9f-51ae-bf35-6a65e05f1b7f", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d8eb4a26-0650-59ca-b305-42562a2bbe15", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d2027869-4343-5927-8fc7-9db77e9248b2", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65dcdbcb-953a-59ae-8684-2e4d974dbc75", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9e84dd6f-c62d-5bf5-814a-3033051887fc", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f7d31943-0d01-5072-8147-0f3f6a4e4355", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5a7ff1a4-352a-5fcd-a5e1-a886e706a4a9", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:42b5965e-c0c1-51fa-8d91-720eae118ec4", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:36697bfd-e8ab-50f1-b8de-d7d442dc95b1", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:946be1ec-2541-5c9b-a150-12fde0edeaf1", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3fa479f-903e-5e3f-b416-2f4db1802233", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dc864f9b-0e64-530f-9ef0-4cdeb20fdc3a", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9114ef89-da44-5391-8fd8-5f50ce2ecb1f", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6898e235-a577-5f92-8eb3-38ee93467522", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e26b8ea9-2a01-5265-a5df-fb1207f7d4a5", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.karaf:apache-cxf 3.5.11-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9bc81c25-40fc-5d76-a089-f97e99065c47", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2789bdbd-a605-5618-ab0b-8be9d2e8aa85", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf.karaf:apache-cxf 3.5.11-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf91909f-890a-5f32-a002-a30122eb2e00", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0b82fbd7-23fc-5e88-b2e5-bdc50435772e", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.karaf:apache-cxf 3.5.11-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:99161c3d-e445-5605-b03d-4ec40883902e", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c26a4d8e-5bcc-5ab6-9e9f-cb1559a3cb3f", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.4 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.11-tuxcare.4" } ] }