{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:43ad616c-8c39-595c-8735-ad6637d9514f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf.services", "name": "cxf-services", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1616eaf0-ef4c-5322-a40f-67e207aa6cc7", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a9f351f-823c-5ad2-85fa-ed7e0b8d3be9", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74e98dad-5df6-5d85-aeaa-c722d4544246", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39bd7267-ee8b-59c9-b8ff-1118b8f891cc", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:db3787ac-3636-562f-b907-6b5f84ae153d", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:493028da-dd48-51dc-bcfe-f5b2d0317f1f", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ec470115-ef04-5f6a-830d-7066f90e7971", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8f1660f6-678e-52c7-bd84-70731238df2f", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0c433cbe-a167-55c8-b161-ba8400c08d31", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f9f9e345-89f4-59ba-981a-a791cc8338f6", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e63baeff-48e3-5792-9074-67c140ac4cc1", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b3253a5-4689-5b4f-b3c8-e403be1046db", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf6dd579-ad59-58e0-897d-a423cae6cf89", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fb4a1501-dc2c-5f63-a82e-4ea60eff428b", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:748e036a-ae2a-53af-a334-c08b6b9dc18d", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b1bf455f-5e89-54e7-9a49-669b28a78e2d", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5c550e18-2b94-58df-a2b9-48b3b3c87981", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.services:cxf-services 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aefa5a0e-7efd-54c6-b2d7-b4804cc90557", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1ffc85f4-79f2-55e2-a54c-ceeda9052b75", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a660d6e9-748d-5359-b7a2-bd6a5bab455a", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1084317f-7a75-5836-8ca9-deb052700520", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0477f44e-1be3-5e1f-b812-c6f74f42473b", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b07b9a3a-6e9d-5b3b-aa3a-4fed0c749201", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7bffd451-bab6-5a07-a230-28d03e001811", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f507cc4-8e05-5ce7-b9a3-ed9d6e6685f3", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d8c28b9b-3b6c-5eb1-a49e-2ae13b5aef0f", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services:cxf-services 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:996d0355-a352-570b-97f4-1c7fccc589e0", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:289a1a1d-f6cb-576d-be60-2fc447aaef87", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e464cb5e-fc85-5c69-a604-dfc6b826cbae", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eb414413-90b0-5d2e-85d0-7493ed99d901", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services:cxf-services 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:54eefe6b-c23d-5bea-a0e0-ff36776ac443", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d0e44763-07d2-5c6e-b5ed-e5accffd48e5", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:99d9d170-3f8b-55ed-bf3f-9b641a160708", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:09c05f36-9b0a-5f12-85e7-557d14d8207b", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9-tuxcare.4" } ] }