{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cb27a326-7e31-5a6e-b293-12035bbbe370", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf.karaf", "name": "apache-cxf", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:afa1b127-b43e-513e-a422-926fc9d59b8c", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e42efd69-840e-5507-a355-e2cb39425996", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:477f1efa-2c9b-5b1e-9cae-38f3350e2cfb", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef0e84f0-f0e0-5acd-8ac2-9d6e6da57e9f", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9220338-42bf-5abc-96f2-b713983dfd08", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31ce5bc8-84e2-5ade-81e5-d61cbc8d288e", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fbac87e9-e8ec-58cf-b67c-3a55e498ef4d", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2b7cc02-96af-5e5a-8269-0ed68ef92513", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe7dd7ed-0abe-5dd6-bf1e-7fb683b8f7a0", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ffab2605-0224-5e2e-9900-9375ef3a943e", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3a670a86-74d4-54c0-8486-7759e8468f3f", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:245d5e7a-0cd2-52c0-bbcf-fdba02449eb2", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0eca986c-c989-525d-b6a2-f96f14a96906", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06530e82-445c-5566-a86b-6caa946e0e1a", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0d7f146-86e2-5e6d-9a5e-434e63548abc", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9eeca01b-8846-5491-aca6-a2b6f1c1dd0e", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7dab637b-98f1-5310-80b6-2be4e82448fa", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.karaf:apache-cxf 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9aaebe7c-bf50-569e-9ff0-a7cfe7671821", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:039ccba8-bd73-5cf7-8e11-f6cd818c3282", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eeff315e-6d87-529d-ba04-b62865a03364", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a42f4b48-700f-5e4e-94ff-4ac9e7fdb0c6", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c726a735-49e7-5aaa-9460-9e080fadacf1", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f44b3f80-377c-544d-a1cf-9d626c3bc3fa", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a3db682-b280-5db4-98f3-9796f869b84a", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3646594-6941-53e1-94bc-162c15acf16d", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5086f2a-667d-5663-aa91-3fb46a9a7326", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.karaf:apache-cxf 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:904403fb-edcf-51d5-978c-ca1adc8718ec", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92c6f745-5b4e-5af1-b964-378d215fa400", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:112096c6-fb56-5e95-b68d-6a68bffbad3a", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:999894a1-7900-5963-8f56-f9c5a3744716", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.karaf:apache-cxf 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9fce5f8-932c-5dbe-bf11-cee139c14896", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36886640-6eba-5264-beac-6614003594c1", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1905f463-93b4-53aa-8130-7875eabf5302", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3d28e73-be53-59ee-8470-682534941b6f", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.2" } ] }