{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:03ce7a71-6f4a-5e15-8061-4280cabcc9d4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf.services.sts", "name": "cxf-services-sts", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:53e1a0c9-1fa6-5d91-bc55-0c0439ea70a5", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a590db00-a3e1-575a-b95b-2348aaa5c10a", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9509ff1b-4906-5e41-bf16-247908c01b0c", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94c7e370-f15c-5c88-adaf-e7d245e5ab06", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:248adfca-dc36-5ef1-9a77-3ca8f4e4944d", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ade1dc9-663d-5ba2-992a-738382919125", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49c59b80-75c8-51cd-8b99-cb920903d7ca", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:437908e0-03e5-5ad9-b5dd-28be73374651", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6012c19f-8678-52b1-97d3-41eee8f3b4c9", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e3ea103-59df-549b-b4a7-a1974a7b6bc2", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f35c24f-3ac6-5643-b440-73583820d8b1", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de678223-511a-5900-ae47-23326d88d7a3", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55d4427a-6509-581f-b508-e9d413b80a31", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c9c6236-813f-59f1-9c02-6820b34fc336", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1bfe0ce-072f-5e15-889d-e0abb41a09ce", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad9bea08-0147-5100-8567-94f729c305d0", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0162412-1fa0-51af-bb92-e30905e0fb42", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f73edf8-9fbf-5a22-9bdf-c5f363241eeb", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38551a8f-eb38-5362-8d7e-b814bf682d3f", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f347a504-2a5d-5876-b22a-a381f55befa9", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f206eba-2947-568b-bbe4-bb661a54078b", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83e9a22e-cc70-5dcb-b61b-f64cf34a19ec", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37c52e67-1808-5cf2-903f-28cef5936fd3", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86723567-6351-5905-91c9-2903c3425afc", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40723499-5471-5fef-8737-faa8a06bcdff", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a880401-494d-5eae-90b8-ffb2a43acdaa", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b9c6cf1-3852-5720-8430-1a01426fbbe1", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e538a39-a3d5-5208-b45c-62f129428f58", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de9b94b1-6ec9-5d72-8ff0-06f8b37eac2a", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be96c940-924e-58ea-9629-fcda6f98bcf9", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e0b315f-506a-554b-884f-2b525ab399e5", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7ba81c4-677f-5a9c-a7a6-8d98cf197cab", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5a52864-4963-534d-873a-71793f5468f3", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:74601b74-1abb-544d-b734-e34fc3e0b785", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.2" } ] }