{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7620c2f8-9684-514e-93a2-fddb824dd583", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf.services.sts", "name": "cxf-services-sts-core", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:07bff90f-b85f-5b06-b224-a262d691b10d", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e0b4049b-b8e3-5997-b671-68ec57c097de", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd6e53b4-cd41-53bb-9b4c-e6ea02983fa4", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e4d15cc-743b-5541-b322-28bfd0d645c5", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:14a07d82-6bda-52e8-9928-494d7143ef15", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f8d8c36-a5e7-519c-bcde-085d24eabc14", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef1576f1-755f-5148-a55e-9df58858b44e", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:58dce3a2-ac54-5df1-beff-074cc8c0ef98", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dd57e9ce-19e2-5584-ac11-05e6079716a9", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef81cd1e-bcdc-5806-a043-c054419ab868", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82b6f50b-8f50-5ac9-b706-9718e52a3ea3", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6df73d08-53ca-52d9-9b14-16bbcb38016f", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:791631b7-104a-5a5a-9a8c-4dc4438236a8", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0f1424bd-d233-591a-b335-ae02abce0505", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5fc63d0-f587-554e-8ac2-3b3c3e239e53", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ad0a350d-f2a7-5d05-abc2-19f7f6e0ade0", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8cbdbdd3-cd86-5aca-8161-28b43f35a784", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-core 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b89dd0aa-3999-528a-8b3b-80d6c4862214", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b963c80-5595-5b9a-960e-ca3e8f113b04", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7e788d92-85b8-5230-a42b-3e0f2c575cbe", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f0a4d5bf-1b24-59f4-9eb2-7f5fce8d9955", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4c7bceff-b222-57b3-878c-5aadea675579", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dce62099-c2cc-58ce-9758-71bc83f97187", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:185a6fd7-0280-5de1-b043-ea4bca3d9d75", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ee2824a-2bb0-5b48-99fa-29dc07ddd0ce", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d423bcf-88f7-590e-8b3f-616800b117bf", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-core 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8092b0f7-cf63-5446-b847-5dfd6bc36095", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81eff9bb-e6ac-51de-9b60-624a1238f469", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:588a15f4-a692-5cd8-ac4c-2d42fcdf4e65", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e4fed0f-d662-57f5-97e9-e873d77e5052", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-core 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efd34e9b-fdea-5515-b338-059bdb7f9018", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9d4e8ef0-4268-5cb4-89a7-c8df080bba63", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8def13d1-2c18-5b2e-9b72-14eebe3f5dad", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:541dd5f2-4ffc-52fc-8a44-49081ed61482", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.9-tuxcare.3" } ] }