{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2b4f0009-ce55-504b-a79e-bf7f2918e594", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf.services", "name": "cxf-services", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fae0b724-a7dd-562e-b3b7-11bd94a36286", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:454e61c3-edc8-5807-b31f-e1e0b3097f52", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be9da4bf-68b2-5b9f-a509-5aeb869523b5", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ab29e3d-73de-542e-9a6f-a063daab987f", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd64f0a3-3ae2-5993-a65b-1e950c78bcfd", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cdc889bd-0fe4-543b-b8f4-269b3dca2fd4", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1392fe82-84b9-500b-9d65-63f5935437b1", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1d66f06-804d-5d18-88ed-ba60fe118f9f", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8c7c028-9bb7-5796-8718-df21cab8442f", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5450835c-8070-521b-832c-c49d1c7d35d1", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8a11fce-ee00-52bb-b5f8-68b5d6dd9030", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef997d4e-4f80-547c-b9e1-bd26cc805b55", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:60972837-dafd-5364-a555-63f76a76401b", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d326065-4097-519a-a060-4a5f43aa0d5f", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b49dde64-ffc2-5f62-a6e3-645f86f73023", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6f20eca-08f9-53c0-a93a-5462f69095ed", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d889659-1d8f-5eab-ad69-397b631f1d45", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.services:cxf-services 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:627cfb8b-c08a-51bb-82ab-1939098a808b", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca159834-0e51-5790-9cb0-6b76c8b52854", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6334fc60-784f-5093-bf5b-b43b38f6bbb0", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4856f4e6-6a0a-5518-949e-100cb4bebc38", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f24f7a38-68eb-56de-8217-1ace8b208dfb", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac9854dc-2d10-511e-b4b1-4bde048e6b63", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b817282-11d5-5f4c-9a5d-2e8dc8ce878b", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fcee0ed-5e1e-525f-ba90-a828cbeaaf9e", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f1b7cd0-262a-5c27-b8f5-c833570bb550", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services:cxf-services 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:231a4998-8116-57c3-b02a-03bf987edfe0", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aae0bdd3-ea3e-5597-a094-36612ca2eb34", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a1ba591-7529-58c6-897e-2620f7f15df3", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8692c25b-392e-5483-9c8d-bd20417e4e91", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services:cxf-services 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23ce7ce8-d57e-5b35-b1e5-418fd15eaacc", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6285229-4311-52a3-bc4d-62f7b4a3683d", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa8a65d9-9c55-5f17-871c-77df5f36a69e", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ac6c536-b505-5b02-920b-7315a82c3a93", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf.services:cxf-services." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services/cxf-services@3.5.9.tuxcare.1" } ] }