{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4d47fb0c-ee9a-52c2-9c72-24425b4159b4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf.karaf", "name": "cxf-karaf-commands", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6ff6aa69-e33d-52e1-a4f2-840ebb498131", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7619287c-77f5-57ef-9127-a3c9c2e95d8d", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:adef6b36-cc2a-5dea-b0fb-6155fce12a8d", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:caf6cafc-5688-531a-98e4-7c5b130b65cf", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e2cdfa3-97da-5fc6-87ce-e0aa82169eab", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0410d57-b531-57af-bcf3-366ab1d6df6c", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc7a56e8-f76f-51fd-822c-d71d389f5334", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c52379c-c3cc-5de9-bbce-124c0152009b", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00f102ab-fb32-5c70-8ea9-90565685251c", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6970518f-fbe5-5de2-ab30-32f601e4acdb", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe88d1a9-ad07-5bac-a855-40b394b847d8", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:702cf5ac-fff2-5599-b2e0-9b61c1752693", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cfbc26a9-9217-5dcf-9d2e-70d8f65e37e0", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f66a4d4-4a77-58a1-b659-1bcc93952d47", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0756208f-9dd3-554a-8a7b-4bcaa7efa277", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17fcc9dc-e7ac-55f4-aaab-65abb0dd99ff", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5196b5c1-6b97-5b56-a67e-103ebbed6cbf", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.karaf:cxf-karaf-commands 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8564edd-cf65-5f82-8f4c-0de100877fca", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d8b0d77-84b9-57f6-bd98-d9a6f46d51ef", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:574d86f8-6c3a-5afd-85b4-08e00f168993", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8f7599e-cb32-5362-ad1b-89953297082f", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f98dc515-b53e-5dfb-9ba1-9949009f3e28", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a012e6e-f15b-5167-8c85-b25122e09316", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8195cbc6-1bd2-512f-ac8b-f5994fbc1fb8", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e8ef3e4-1f68-5de9-bc8c-3bfb5acef5c4", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5823b55d-3770-5401-bee5-af35552f6e11", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.karaf:cxf-karaf-commands 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3b50544-feb7-5398-b71f-e816e4af1ad2", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2f319c1-3a7b-5772-834c-ba4855a7f1c3", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b25b9698-1e51-5570-b7b2-6dc67610727f", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2da93d65-e2cd-5561-86b6-f9b2ab467330", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.karaf:cxf-karaf-commands 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34d774bd-2c3a-5ddd-8e40-eb404f08e080", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4f0253a-7eb1-565d-8357-9068ae46f59f", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:05308a04-7479-5c9d-b2d1-1efc8ab5bd88", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:baac0ccb-d0fa-59a1-9fe8-e5ac68d84f04", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf.karaf:cxf-karaf-commands." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.9-tuxcare.2" } ] }