{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e67e63e9-2c73-5c00-9e99-f61fb255c14d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4", "type": "library", "group": "org.apache.cxf.services.sts", "name": "cxf-services-sts", "version": "3.5.11-tuxcare.4", "purl": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2cdd530e-b740-5fa4-9c1a-da0e28a42b4d", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c352e279-8e2b-5036-8e42-5d6b04def862", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3c601e32-2294-5151-8984-c31b58e6217c", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9ee929c9-8d29-5dec-8f5e-e4ee8b6d86a1", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c815cdeb-a638-51a1-be47-3b93af10031b", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e572fd1d-6b20-5b2f-ab7d-c5b580b422ce", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:135a5403-2f3a-5c55-b2f7-8f3da9fde955", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:83e4c612-138e-5991-a690-1ada26871cbc", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:08451999-3b35-55c7-8d9a-1f9ec452b1d2", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e7454a75-0d00-5a5e-8cf2-6ac243ad120d", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:28d38650-d106-5140-9fb6-91578aa8b169", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9be18d39-77dc-58b4-b20d-6682638077fa", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f85dee46-03cc-57a8-b977-77bf3c48b6f0", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53103e35-6f47-5567-944a-dfa7f03f5ff7", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5475084e-be17-5c91-9945-d9390580e1e3", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a3a9a2b2-bf98-5b18-9668-9cf17eb4007c", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d3c148b-1fef-5030-a39c-3d1f9bde1db0", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b38f2b2c-09d3-58b6-b5cf-25c63df9fbe1", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3bed2767-7aa1-5195-b700-3ad1cba0b0d3", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d7aac133-48da-5212-b3ed-647968d3dfcd", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d91175a4-3900-51ee-9b30-ea1127851740", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:21cfa2b8-e293-5ef6-a863-13e0cd07fb8d", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1ba90b28-ad8b-5845-81fd-40146dd6e7d4", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4f8f1b60-2624-5b79-a214-944fcdd5c3d5", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9bd21b85-3f6f-528a-8f37-700cd4b29904", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5c0b065-e6a7-5c25-8ce3-00e403530646", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.11-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7dc51a5e-439d-5a3d-bba1-fe6db936314c", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b7f9e6c-8076-567e-94b6-48a6359e6853", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.11-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e2fc5a0b-ee48-5043-929f-a9575d74b60c", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ea62c38b-b49a-5223-ade4-b333e436edb4", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.11-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e86e8d2-ce48-5879-944b-6d0369039396", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:43bb6882-4ff2-5e95-a945-82ab5d2aa600", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.11-tuxcare.4" } ] }