{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:dbd7c226-62e5-5457-8e6b-abcac45808c4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf.karaf", "name": "apache-cxf", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:dfe4990e-17eb-5d57-9700-d2daba1deeb4", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:092ebb78-7a01-51c6-993d-b9d4a2b676a0", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f0ef5327-c929-58f8-bdd5-59320c711a76", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86a45af1-7fba-5693-8748-0436c4c18157", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2548f4e6-8adb-5133-a7a2-7d30083cb48e", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:443d25d1-be85-572c-b0c0-3a7d4e3d052a", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42a9ffbd-12b6-5693-ad7c-81ab9acfa14d", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cad99a80-12e5-59e1-a70a-4f9b72cc7ae9", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a2cfcf4-8857-5216-b5d7-68f1a07d4db3", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:638f248a-7c5f-5664-b758-6225cb85be37", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d6a93db0-2b11-5757-aba8-dfd964e9242b", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a74ec98c-3920-5ad8-ba0c-385dd5c38fcf", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6d30aa61-a0ab-585f-ac60-b5a9a3009cfd", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d78c5ef-352a-5e3a-b602-746ab4be15f1", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:570c4dcb-bfb1-519a-8d4e-7f2ab4c1380a", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b948075-6aaa-5806-b126-3defee770ddf", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6934a310-df3b-5eca-a79e-c7c668e86996", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.karaf:apache-cxf 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ecd92fc-e2cf-514a-82d0-85a16fd80d1a", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7870bf1-32fd-5550-a77d-b4c46e29ef96", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:10283c86-3638-5f20-ae2f-3ab3adc70d88", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:107ace42-f971-5347-8fc6-b7532edc2c36", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:395cb41b-c644-5bdc-b484-047b23e07bef", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95cd159f-a56c-5359-a480-46622a9fb1f5", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7dac7a73-da5e-5396-9068-ba9e64985e51", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12987683-c4da-5fdc-9393-71f34665667e", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:237955ec-f562-5a28-b4b7-7698e9dbcbfc", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.karaf:apache-cxf 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99bde61c-668d-51e4-92dc-1a29569b2e95", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:baaa32d7-7700-5df1-8237-6d0f1b96a4f8", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:079e6343-8cc1-58c1-842f-beb0f8131164", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3dcaf4c8-15bd-5dca-9134-2ea24814d4d5", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.karaf:apache-cxf 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67e4bc14-076f-544c-8eae-f2c8ac4a2c42", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:27064408-7123-5698-87a2-d487c527678a", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4eca8f61-2504-5856-8382-24ad2836d604", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b606e04a-3519-5ee6-9b5a-621e84d88a53", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf.karaf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.karaf/apache-cxf@3.5.9-tuxcare.3" } ] }