{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d513b2bb-25a3-5ece-ad50-13d2b16fc6f6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf.karaf", "name": "karaf-parent", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:88fdbcb5-8608-5be5-a86c-58f77a75dc1c", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e92f4185-b99a-5a44-803b-35117004ea47", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b87ae98-24f5-57b7-bb68-1a4e7ab5d109", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02539d45-935b-517c-b94c-b4da8ae631ea", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47e13c15-393f-5043-8be7-18f587a31da4", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2e851c7f-807d-5cbe-9c66-d47446d1d64b", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea49105e-add4-5c12-bbf8-cb0b335c38c4", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7719f168-e6e7-5ae5-b241-3a3fb099006c", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14c9cca7-8a25-5653-bc59-b680ab431d3c", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a21c687-f440-5042-9ca6-9d6840563606", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:335920bc-677a-55dd-b1c7-3a01ea2385df", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50c66ecc-711d-5ff3-807f-30027dfa5f81", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98ba9fed-95f1-554e-bfc9-b85c290ace0c", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46e04a36-e291-5c0b-bddd-22a7fbce293b", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b71248c6-438a-5de6-96ac-66f10e046a32", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de85a4b9-ffb5-5e1d-ad7c-e53c8b7cca4e", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca27d80f-6b8d-5c83-b668-b33be394e9a6", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.karaf:karaf-parent 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d48db11b-b0c9-5783-b56b-e5433c916ee9", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac301cc4-d859-51c1-a152-890a8c2e716d", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f0035ca-e0ff-5a96-b6ce-1ce8cdc36609", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b37b9ea-68d6-5cee-936b-6c8d66bd0601", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b11b097-1f27-5350-8fd3-e224f2cd165e", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ceb67b3-0b50-5900-b4a1-a7b1fc62a251", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:371e2281-8010-58d8-b7e0-ee425cb2aefb", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:227346e8-28ba-590f-8fcf-2ce430e22346", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae782cdc-5c12-54b6-b3f6-d34491a3035d", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.karaf:karaf-parent 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33bcc7fd-2b77-5e0e-a87b-42361449ac73", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28b756a6-1258-5355-acc3-79f39e9ba378", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:500fc0e8-46bc-5e8d-ba1e-362b24bb03e7", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:270525e9-8f70-5432-a3cf-5b07b0023292", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.karaf:karaf-parent 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4c3700e-9f7f-5c19-9663-e85cfdefb348", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43bdc939-b72f-55bd-9bd6-585c11da1b57", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b8a7dd4-ac9b-5369-a533-2f40c489f612", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:236863c5-ba40-5f20-a26f-a7ef8ec7b775", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9.tuxcare.1" } ] }