{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:36e05c00-8e62-533a-9267-a651f92877fd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6", "type": "library", "group": "org.apache.cxf.services.sts", "name": "cxf-services-sts-core", "version": "3.5.11-tuxcare.6", "purl": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6b95937e-4763-56c5-9c28-e59ad15bde70", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b5ff46da-6d39-5345-a78a-68bc813ab579", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3ab2a995-a766-51e2-b7b2-3f9f719154ae", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2ab7f325-7e50-5381-981f-c0eab2ee545e", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6d85d761-3e70-501d-a70b-470803af91bf", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0f66ea04-2b00-5f04-bb54-0da4a2685c7c", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:56cd9b65-6ac5-5032-91c2-be076849b9c3", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:746780a0-b05e-5619-b9d6-4176c5b3c9d0", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ac6d2a92-08f8-5f68-8055-93b46aa75db9", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:699ee78c-1032-5531-a020-01c39d02598c", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:116825cc-25b6-524f-bcfe-43ea47bc6e4f", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2137f319-ac37-50b1-ab42-049b1a3a92a2", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d5afc10a-6b07-586e-8539-ed6e343764c7", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b63dfdfa-42a6-5d1a-bb7b-7dabc0b5c843", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5a1cb5f5-6bf8-53a7-b47a-eaf6b2f40b67", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e5451aec-005b-5364-b79f-1391ab88f414", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c43457a3-e47a-5b46-a131-a12705ef1937", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:325859da-3684-5994-9b5a-b223a3c53f8c", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:32c10c20-57fc-5628-a1e2-2e1fec937eab", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7541f53d-e5d7-54ed-9cfb-cce259583354", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9689a368-e0ea-5508-8037-17b5789bdc32", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:79163c0a-7f83-5f75-9d0b-c735701d38d2", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:24d5093c-5141-51ca-9e31-9ab1e2ff4b25", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1b6859ff-be4e-55ec-a0ca-0e221ac1fdc6", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f550b5ac-a4a0-5330-9483-1747a5aa5a01", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bd7d9564-a28e-5a4e-9603-636788d41659", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-core 3.5.11-tuxcare.6." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:60163b9e-9163-5ac8-bce1-d523e3ed517c", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:058ef5db-c517-59ed-bd15-68c998dae5b0", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-core 3.5.11-tuxcare.6." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b99cc0d1-9be9-552f-87e4-a1654d58e512", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b06e9cbe-40de-5f75-b260-50241c07ac42", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-core 3.5.11-tuxcare.6." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6a7378c9-c487-5d7d-bcaa-cde52e5ab861", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c03ecef9-a8b8-5da3-acc4-18a6152b7e10", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.6 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.11-tuxcare.6" } ] }