{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7f4be0b4-4b06-5dd8-8435-ff2df0596717", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4", "type": "library", "group": "org.apache.cxf.services.sts", "name": "cxf-services-sts-core", "version": "3.5.11-tuxcare.4", "purl": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f52950b6-3e24-541f-82ce-8659bfa19a75", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d3396da-812d-58fa-a66b-5261e78f3def", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d24bbe31-d0b5-5458-ac62-0dc7c3c4941d", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4eee97ca-c437-5b0c-afa7-4cd1ac51cbfc", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0b4d76ce-58be-585e-af45-bd6482556ca8", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:337d71df-4dc3-5f98-aba0-b3ac3c801473", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:480d0dee-fbf8-5916-b4d0-f790a39269b3", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bf99a2aa-80e6-55b7-b3fb-51b3dc6a2017", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:63c2350c-e3c8-5e6f-ba88-1be718a282c2", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44edcc07-ecd3-5a08-bccc-11c8fa4bb68f", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d916dd21-d19e-5a35-aea7-926bdc7c5cec", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:be661835-5597-5bf4-b74a-a89dcf1ba754", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:05fee573-a1bc-5c60-b18b-73adc2810edf", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65d451ad-7bad-5157-b00e-3d34b73062e8", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9de280d2-0478-5c15-80ca-902dd7c91d4e", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c1bac215-b933-556c-bcec-2336d82d3a9f", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4761b9d0-f3e9-5fe5-b190-2deed455367e", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3d0b948-2cbb-5bdc-9020-1172cbe625de", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ecd8228b-979a-5e33-80cb-09749eb394c6", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:10b55560-b661-5b41-9763-d9ae7ff69605", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:442e1cff-d1fe-5240-bcba-9b2aefcf63b5", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6b081430-fac2-57a0-894c-402258ae6d07", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d928396-f28a-5c4c-a278-9b24e9159b20", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:49191516-59c4-5e9f-aadd-89c08e19b269", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:57d38a79-898f-56e2-9294-ac209b16777b", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cfee69c6-b2ff-5a0d-8e8d-52df2e7cbdc9", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-core 3.5.11-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02b07896-6340-57d1-ab91-be3439e80112", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:35935df9-29e9-5892-a443-8f27ed4c95e4", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-core 3.5.11-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff8814bb-b590-58e4-989b-dbaa189ef29d", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c2268c51-067a-5275-a3ea-154c701943f8", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-core 3.5.11-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f0088c71-9e8f-591e-81f6-ffce6d5f396f", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d6020c71-01ca-5694-981f-59e5877e81b3", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.4" } ] }