{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a9d47977-5efd-5236-887b-4b7cbead2078", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf.services.sts", "name": "cxf-services-sts", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7669391b-c86d-5a1d-95e0-4f3377887988", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eef4b90d-02ac-56b7-815d-cb78cd3ec99c", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:843a09a8-20d3-57b0-8e65-4560b05111fe", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c93c8124-b2bc-5a11-8259-c138675e506f", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74bfe906-19b6-53a6-88b0-ffd5f0e05860", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd0bcf24-598a-5c97-9399-1f099b4e0e81", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7182182d-9251-5bde-a4d3-e30cabf577ca", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d53f5c38-c20a-5c32-aea9-a0f1c843651f", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4585d9a-4db4-51a7-8f66-fd78a4be0f9a", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d8f7dd8-e7f6-5269-9fc0-685004816dec", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:090c41b0-28ef-50c7-8474-52554b65588f", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7d1353a1-f4d7-5b7a-820a-b85fed9e89f7", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a974fd38-6d1e-5d2d-ac0c-87ebcaa01574", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20c13076-964c-5d6c-a51d-c8e802df8a29", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d668063-e503-52e7-a68f-f8bc4a8517b9", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d7f8e9c5-a1d1-5f2c-abdb-4eb5cb056973", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2d1349ae-ef52-5552-823d-a0fccbf87b44", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1c36d77d-7d20-54d7-aafb-1d2e507f25c7", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ba4df83c-55f2-5176-ac3f-e27191cf8a94", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:64c2de79-af5a-5c34-9d9f-9d19ab470e04", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:18f5fe9e-7001-5503-bd65-d6d6eadccd8f", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:89ee316c-8752-59f6-85e4-b144de491296", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8fa4ce2-2e8c-516b-8f1b-9404aefa3295", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7ff4b749-2dd1-50d3-9cfe-82a50816e289", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e14e5fe3-c5d4-5a34-8e23-2f664bb4ee43", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7737e525-74db-5c52-8c6d-2ee46026502c", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:31e873cc-65fc-52ee-b5e4-ca309d57d5ca", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1781b329-0082-5eaa-8cb6-733ce9395caf", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3b71be2f-c0c7-59dd-a0a5-2320ac3142d5", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5359f014-cc84-51dc-b945-70826305be59", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b81f7ed3-49c6-503f-948d-d521de8c1ab6", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61d07ae6-b09d-58f1-8a5a-de0fd56f6f5d", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8bbeb020-ce61-5a7c-8e35-861a06513f76", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aba07765-24e2-5dbf-907d-e715c6b06c27", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.4" } ] }