{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1e9970b0-d32c-59b9-a382-591298d84660", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf.services.sts", "name": "cxf-services-sts-systests", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:22623f7b-c868-5de3-8fd5-ffe06a66b7c9", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:412e89a7-992c-5f6c-b1cf-69d4544f0bdd", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:182f9f11-2854-5a9f-84ca-ecc283d1ab87", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c59f15d4-4f0f-5800-90dc-901dde42d750", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec264917-17ee-5692-8035-e9c94b8f014e", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9254466b-3a80-5960-b4cb-728abd9e7481", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45a0e855-d590-56d8-8454-c04bc5cba902", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae07478e-8517-5604-aa02-4663af3f300d", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb35deab-fa4c-5a3d-87c1-24be02fde3fb", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4eea69ee-9d36-5736-a570-daf07459acb2", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d267e40-64e8-523f-ab17-1f3e4dad2bb7", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea53c84b-e785-5616-bdc8-d896f495be98", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f08727c2-e93c-574f-bb4c-8a748059f2b2", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de9c82a9-47c3-58fd-8c58-42b71c1574f8", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac29e324-217b-57c5-802d-5ce41b4d0217", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41852ff6-15c4-5570-9341-15064aadf156", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62a4e527-6b47-5073-8f58-b54744448c26", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-systests 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c6921fd-7959-5145-946a-b643f7043d72", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7871ace8-d057-5c7c-8779-e091046e26c7", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:079122f6-baab-5d2a-9778-1943423fda32", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5fe09d66-a4c1-5e0e-8ea1-99eb492b1e5d", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86d32067-842c-51e4-9b40-0890db8cae9a", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cada2757-a5af-54a0-bca3-dab57ea5f83f", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fcaa575d-a2b0-5fb3-94ed-122c59f1a250", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1cfa6ab9-730b-5ab6-beda-7e20423726cb", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f35bb3ef-1d56-5762-99cd-106837900641", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-systests 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a9dd9c8-9312-5cf9-a66a-251266a883cf", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50dcf700-b525-5dcb-bd84-528a6921ac88", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea828fdf-6c43-55d5-8ca1-f8fba49d84ed", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8694468f-84dc-56cd-8597-dbee10fb15a0", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services.sts:cxf-services-sts-systests 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ce78869-f3af-5a58-8ea7-ca8117f92a72", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea6bb0fd-44fe-5066-80ed-ab3dffaec0fa", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f558f46-73f0-51b1-a6d1-7835e51d1fab", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31992d11-fe78-5351-ab5d-715582ae2ce3", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services.sts:cxf-services-sts-systests." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-systests@3.5.9.tuxcare.1" } ] }