{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:50edd34d-a32f-53b2-9200-642162e58027", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf.services.sts", "name": "cxf-services-sts", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e85d61b1-4d61-566e-a410-49dbde3f4c2d", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c4a7cfa5-13e4-5b86-b40a-efae066aee53", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05e86338-7ff7-50d6-a244-b872bad3ea7b", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e1a6d58d-ade0-512f-a0f4-758b21db40bc", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:62de964c-49b3-5082-9517-072e562e549e", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:48cfae7d-1d4f-52f1-afb0-76f9f0ebba3d", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:34c689d2-49cd-5030-9f83-52c9a2516457", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1b0dcfc2-cf9c-5790-889e-9a4e24b04569", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a8bd271-a806-5b4e-850f-59a5db297880", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f86585c4-a57a-5aa3-812d-0cbdc25a9356", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a19de81-056a-5afb-b470-96988eb3407a", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d150acd6-c298-56ef-ba64-fa5b0b029f4c", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6771e61d-a3c9-5c09-8b51-62773f80ca55", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:826fda0e-ece9-5930-b84d-1bf8c831286f", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ca3515d-00da-5f8b-9444-caa6747a03dc", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8d3698cb-84de-50bb-bb25-7aac06ced910", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eff3449e-0fdb-5cad-9d2e-d0e54ceb3d13", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:210c7b1c-bfb8-5cc8-b5cc-4beda334055f", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8e3d051-bdfc-5be4-8e68-75cb222ec9eb", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:609bbce4-f122-56a6-9132-105427921b3f", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7eef6b70-22b4-5779-a8ea-52209acfd9d9", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6778d238-1770-5715-a69f-f7d57ca23464", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae3f9914-186b-5a17-ad0a-3d304abba5d1", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f9c3db45-9603-5192-8c7e-9c9f5985c951", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12a82bb7-339b-5597-bf1b-36d66836983e", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a327f9cd-d56f-5ca6-bdfb-80bd4c0f2e97", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:96ea6cfa-a1f6-5775-91a1-a2b27a40703b", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:61f9c612-09a1-5e7e-9821-d9b809c58ffc", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cdc1011b-ee00-505f-a328-f536b8d8c38b", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cfc55228-2966-5d7b-ad20-f8f36d666f05", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:323cf35d-0805-596f-bdc9-5ae71d2cf357", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7b61ccaf-e3c5-5919-be25-d008b22ad5f4", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4263dbac-b9f7-5b91-ba63-3dbc6e340471", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:df5b17f0-8f8e-5560-872b-5daa7d86f634", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.3" } ] }