{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:062556ab-5592-50c9-bd3e-ca3cba6b30b3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2", "type": "library", "group": "org.apache.cxf.services.sts.systests", "name": "cxf-services-sts-systests-itests", "version": "3.5.11-tuxcare.2", "purl": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3c8fe5ad-f996-55f6-9dd3-9dd30cb66ab9", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3f0de96-74f6-5572-8d70-8594544efd4b", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb019765-5afa-5fda-91f5-2601391c1760", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7668eb23-fa13-5497-adb2-6a55d46f54b7", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0155dfe-a8ab-511a-aeb1-c1ef29031b50", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a3ed284-a6ed-507f-88c9-a5c779ea74c9", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02b90a10-e06d-5243-83a4-4929db33a87d", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d00d3c8e-bd4a-5dee-abf6-fed86b07ddb6", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03b235a9-a1e0-5715-bbeb-e377eeb2323b", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8bdeb720-aebf-5211-b0bf-df6b25e4fe03", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6099689-9af3-520f-9ab0-527ada3a9e68", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cdc788e-6d40-53d4-b891-c3018c7df450", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a638d6fd-3ad5-581c-8dda-ec380ecfa86f", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2ec1ab9-98c6-526c-9359-915ff81e187f", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f5480a2-a9fc-57b5-ad40-6cc48b9160bd", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5343352-19eb-56d6-b9c0-92b0dfdeffab", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9d4d29e-8761-5ae4-aedd-37e75d17dcc4", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29cf9920-f83a-56e1-b977-66b849976808", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77351e72-dd03-57da-ba60-8ebb6800168e", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e36bd8e-9cca-5ba2-93d9-9dcd8c9389d2", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3b3d312-4546-51b1-be62-c4f10c126440", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c24c7ae-1df7-586d-9951-71a208ae839b", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ce8c525-d64b-5acb-b62e-154cb578a3b7", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b5ee54e-19ca-5d25-964c-975474a42de7", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2970b04-b321-5af4-929d-dbced8f68100", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54b15c89-c55b-5f0b-b222-0d2e0c39f264", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4830e70a-2c1b-5691-a7fa-78471371c8b3", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4a25357-0bb6-5841-80c9-e600e16870c7", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc04a292-c439-52a7-914f-85c70b56f53d", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5bd74f6f-7431-5a50-9506-05e10cd1a06f", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20a99c03-ebc2-5b82-8b83-2df3edf7606f", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4bd3165b-069c-5aae-b572-ed1879b2e936", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts.systests:cxf-services-sts-systests-itests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services.sts.systests/cxf-services-sts-systests-itests@3.5.11-tuxcare.2" } ] }