{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5dddf81b-73c1-584f-b6d6-ec793c4bbae2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf.karaf", "name": "karaf-parent", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:952b23d9-2aa3-50d2-a212-7bd24802df9f", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:17f6bc9d-c36c-597c-b102-8ddaaebc9ce8", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f924546-6e19-5c41-b711-7263eda597b0", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6db40bbf-a688-5868-aece-78463b691193", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:30b725f9-0066-56cf-9497-60d00fc2102f", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7216bc73-39ea-5995-bf41-962df353bc38", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d8bfa13-5ddc-5af4-9c7a-1ff281a8ebec", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5baa0ec8-2b9a-5bb5-8f7f-1230db915641", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4fdec81b-bd8c-563c-a045-b072b030ed2a", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1cb19541-ed89-5b62-b228-04200c1a24ac", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3225ab25-a5f4-5e1d-a5d4-c27141c56c57", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78b005c6-efac-5def-9a53-35b82f4d75ff", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:84af8148-8cd8-570f-8b80-7533fb41c0f5", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b41ae4e-29f2-5007-95fa-6ec88bcaeaf5", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ee1e7a3f-7ded-5646-9182-b58b9367cf63", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:703a6bac-3080-5d11-a090-858a25d15814", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1223e3bd-b89c-55f1-adae-b1b627d6b9f8", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.karaf:karaf-parent 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:455ebc7c-a442-52d0-84e7-0f37dad5eff3", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4fa00215-1f22-5c0c-bee2-e631dadc1a7a", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1c92224f-6e99-53b7-9088-aff416cd9d36", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a63cde27-542c-51d9-b534-4e9dcff4e367", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fc3bdbd3-b605-5436-abf5-1790168914db", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9fa5645b-27ef-5ddd-8999-25e879f8311c", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4734da53-3eed-5197-8712-cdb6f9e6c653", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:007d0a76-25ee-52ba-8745-6dbb76c9a730", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e3640ab6-6eb2-5afa-a1c5-3f2bbd7b8486", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.karaf:karaf-parent 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ad6443a6-a613-5969-bc3f-02b2d6e7ff86", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:81dd64aa-f3a9-5b7a-8625-8fb2d23993cc", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:277ebd7e-2132-5963-b1e8-f0290b99faf6", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dff761e7-fcab-514b-8764-35f9689661e2", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.karaf:karaf-parent 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0f1e4a92-24ae-5fb2-9a80-94eb51082f03", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:75c494df-7039-555f-b9e5-85f642644660", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:189d5d2d-6dd0-534d-8c4f-82ade3df0e7a", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c6d18666-7115-59dd-8835-c77e6e40401b", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.4" } ] }