{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e7eec7ab-e7e7-5857-a163-199469042a2d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2", "type": "library", "group": "org.apache.cxf.services.sts", "name": "cxf-services-sts-core", "version": "3.5.11-tuxcare.2", "purl": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d4f6227f-6c4e-5336-af4f-8bffa63dbd58", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0947062d-ce42-5448-857c-93ae8be53762", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c29b9040-9d45-55d1-8035-a38419b86ba4", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36146982-9e5a-547f-a3ac-77e0cf6754ec", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da2f78ae-c41a-5e79-af95-6e7688f3fafb", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d6b00af-e4d9-5070-adf1-6d1f75afbc4a", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f48dcaf4-41f1-5dac-b8cd-7536f8c3b54b", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:43eab46d-7600-5bc7-8c1f-ee70710462b3", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6123722-e10b-5715-957c-b1db592b8b77", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:836cd12f-12b2-5ad3-9eca-3fbc2925086e", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60aa80bb-c0ad-5dcb-9f71-4eed96dce157", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83306176-31b6-509b-9dd9-2b98a76893f3", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62da75f6-9563-52d8-aa62-3188e0af2203", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2492298-da04-5fba-9246-02f9c5620cf7", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a045df81-6ad7-50fa-8490-1941f1e470ac", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfd26e6e-9641-5050-85ea-16d4c437bf41", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6f0564c-6d98-546a-8f48-e0bcfd861b6e", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:760f6c38-deb6-5f9a-a540-71015ba0ffbd", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b36d3f0-8db2-5427-9bd3-74aac502f388", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:321b175f-f355-5782-80ad-88090d1011b0", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f51dbecc-d21e-5a82-9d50-6fc7d17cec98", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e074089d-8779-584b-9946-272913d373ad", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c27a3ab3-6d84-5de0-8389-2f3006c6492e", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:270247e5-8d57-5399-8a64-e794d471b7d2", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08d970a9-a9c9-56c0-8ff0-b3bced7183a4", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:488ceadb-92e6-5b1a-83d5-db0baf767c70", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-core 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18a72a92-b3e7-5783-9434-4fdf3c1fa6ad", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2262eeb6-f997-585d-8ee1-ac5971df51e8", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-core 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c3a49da-4628-525b-8ee8-8d5025ec0d2b", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4c3df10-ab96-54ac-b243-4886b3a645a8", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-core 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd0d6693-0ad4-58dd-b4ac-dae73359720c", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:919daddd-07d3-54dd-8948-75ec1027c4d5", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.2" } ] }