{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1973d0f4-4754-583a-8158-421c56867a35", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3", "type": "library", "group": "org.apache.cxf", "name": "apache-cxf", "version": "3.5.11-tuxcare.3", "purl": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d6d16424-25da-5c54-a38d-56b99c7dca01", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:578aac8e-8855-5d0f-b7c6-c34d140817ce", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:14e79599-951b-5aec-99c0-f22fbc80f893", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0da369bf-d880-537c-bed8-9332e60471f3", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e2fe3905-d341-5a15-9fe6-9da7f8f65004", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fdc6cd72-5b1c-5538-baa6-5603a7cc8e4c", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ac7093bb-c617-5e69-a35d-38357b6c7c55", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2011186f-20ad-5636-b4f4-09014683ae95", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7e56c1a3-d25e-5c24-b2d2-a05b21ac7420", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c8e94d32-c2bc-5780-bfca-a7da5148911e", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:942975ff-4a3c-5242-a9c4-92513f8ed2d1", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fcd2a1ea-c633-51b9-989d-e0b0d8c54c1f", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ec7017d-158c-54a3-8246-42236fb3b2e5", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3fc66f0b-314c-59ea-ae56-5911bd5a55f9", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:75bdc017-060b-5ff7-bda2-39f15d10ec9f", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31386156-a9b4-5ad5-a3f3-251fd070c7eb", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18e1437a-8d93-5df9-9131-fb63b414a4ad", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16ba5b83-f395-5982-b5ff-44756a3cd618", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1bef3fc2-d8ec-593d-9a91-04eab3e59c12", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0fafd071-e0ea-5526-876a-d7acd6cb4aa3", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ba93f19-967e-590a-95d2-1e59a237b127", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ee6c84c4-f7ba-5392-adb8-c058c010bab4", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a975ceca-c029-5a5f-890f-a27b8e934e49", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:68a32f8b-029f-5b1f-9657-66f06328aa1b", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:966204a4-8981-5163-a923-87550c419f35", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4baf2c60-3006-51a3-9a2c-7978eee60c1e", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:apache-cxf 3.5.11-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80102fe0-fe38-5941-8c15-d0cd2d48a20c", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f7d1a8b-0aea-5485-8be4-fdc62018acc3", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf:apache-cxf 3.5.11-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85b8cf31-b93e-5efc-a21e-d7954ad4a94c", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92d2793b-961c-5a13-8031-66d1d5a0398e", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:apache-cxf 3.5.11-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a9223ed-2cf7-52d3-8af2-ea5ed53ead11", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4ee60cdc-23cd-5d32-8813-e3c7b097d134", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.11-tuxcare.3" } ] }