{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bf306d50-2fd3-58fe-9731-d68cfa6f39b5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf.services.sts", "name": "cxf-services-sts-systests", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:18744a99-35e9-5fec-a484-84f0f543e829", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5cba152e-433d-5518-9ecc-0fed3b09680c", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3f894666-63a4-51a2-836a-227a1e5cecae", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d2a88be-2e91-5ede-b3bd-64576a0ee3a7", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd4baa89-fa60-5637-9c21-808b6fb09b5b", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b848eac0-9958-5211-9f2b-34ca51424cde", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:93455bef-e223-5a1e-af67-20dbd8c8a3b6", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1c948e52-df18-5186-be71-9ca05742b7de", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:094df7e5-99c9-560c-b967-f19dcd1d217c", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ebf649ca-5553-5ce5-8844-cacf57f92215", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3426ab9a-4ef1-5950-bad2-ad42f1434e0a", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9847c94d-0552-529c-aeb4-3d4d00f4b276", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0ceced86-37b1-5ae8-a4b5-632bdc1fdef2", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2043ca02-0497-5859-affa-8c40bfeecc43", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44262fdc-53a8-5505-ad96-4d3ed6128d51", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97f998c0-33bb-5673-b54a-438376f85bf1", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:435d1427-4ee3-5128-8919-e8b75aa4460b", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-systests 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7944debd-8bfe-58be-8943-103205d7db42", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c58e0ca0-f486-529b-b9ef-91c0c8986ee8", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d7580ec5-35fa-5fbc-ae47-b5ea9b56451f", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4aabae43-85d3-5e87-b4d3-0fa9bfd71f2f", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:19d2ff6a-7c1e-5c3b-af4d-ff193ab1311e", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a1087dfa-2b1a-50c8-916b-4ea6a5caa0ff", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0bebac57-145b-5415-af5d-574b6bb48997", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1f78ab44-3f95-5623-b537-512e2b49225c", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e7389e6-5a31-5a78-ba1c-7b59ca3d5d7a", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-systests 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:be1b0f2d-300e-53cf-a47b-71e17e920c5d", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9a3b0639-908f-5086-9e32-94e14a92828e", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eb4eda6c-2d39-5623-a82b-d80d36cb2cc8", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20456005-7d5c-5855-915d-f49a601e3b7e", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-systests 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5fadb4c4-5671-5817-9b49-ecb0f49cb2a7", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7fe6b5b5-8c34-5d9e-bb5d-8657e696bb2e", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ad871774-2e24-547c-8af1-f86b6bfcaa5a", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0855ac80-38be-5e7b-b126-6b29bd11002c", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9-tuxcare.4" } ] }