{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5b50693f-6856-517f-9b58-e9766618e632", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf.services.sts", "name": "cxf-services-sts-systests", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9591553b-1c92-50f0-b6a5-7383b0abf266", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21ffc2c1-6226-5ed5-8a09-331723e3eb36", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f4bb4b4-dca8-51a5-9794-84f388743938", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aaa8300c-208c-5961-8895-567b23d2146a", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d776412-96c1-5aa5-a19a-98082048048b", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db92e469-e284-5bde-9744-a00b9c058cd4", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd551e67-a9e3-50cd-ad6e-02615967c42f", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f510821-8ba3-5165-9f50-7cd495eaad66", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d16db06e-618f-5371-b8f2-aae180ff6de4", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91478261-fada-5680-90eb-902fd3ab2b91", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc51da62-4486-55ae-b359-5d4d7368df4a", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11fa5660-3d92-5985-bc13-51be6cdb217f", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d7dc63d9-2176-5026-beed-49f01a4e412e", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0402ceac-e6e7-5003-8785-7d2143841c9c", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:688ac84a-a8c4-58a3-9b79-a8e19b4958af", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a331e41-4d28-5b49-9073-ec4f024a1772", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97e7aa87-24bc-5153-b465-94e3f4f2dd01", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-systests 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba678337-3ed7-5f7d-8550-16d718f84898", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e674efc2-e191-5db0-86bb-0de1fc285560", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f47eff2-47a4-5e95-ad77-3fcd0e461954", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6939f3d-331b-58b4-9886-cc76d48628d9", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4feecbe-ffcf-59be-a4b2-f3fdf3f47976", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48478a06-d804-5b3d-94fb-7556bf722cf7", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34a3afe9-8ee2-5ed4-bc59-3dc6cd40b366", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63e29b8e-dfbd-5fd4-9eec-911d0e766e0f", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ed02be12-3d03-5f9d-ba06-36d2a33c9b48", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-systests 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:257b1f12-b67e-594a-bc2f-4433f49942d8", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e871c6b-85fa-519e-a62a-0855cee5d018", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9802587b-81ca-5cab-9b2f-3b98288082f0", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9ec708e-2154-558d-b34c-842327650734", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-systests 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a700702-f2bb-5fd7-9a81-436b62767327", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23f3e096-8e3e-5754-92a9-a17a56be33c1", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b84b4203-6b7b-5790-8e41-44c2f4faf4d9", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:862b00e4-6ca2-598c-ab2f-69c4adf39520", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.2" } ] }