{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cc52a2dc-28c2-528f-8ec1-68787f5026bc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "apache-cxf", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cd765f95-b3a8-5649-83bd-580a3d2613a9", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85e98827-45c5-5bf7-be26-44af0434ea36", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea923274-3773-539a-bcc7-3fa5de5ae72b", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39a41bab-53e9-592d-a8c8-c7ec0ec8564e", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d942ea2-32ee-5da3-a54d-a73c39908106", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75602255-41ce-5470-a6f8-3b8ac5db4b30", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:efa35cdb-c71b-5376-87c5-c85467cffd10", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7d4889c-85f4-5f95-9912-73e62a11b143", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6db8a4d2-9335-555f-95df-b5689705026f", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6da4ac7b-a97e-53c3-a48c-95734d1a050c", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:375b9ab2-e73d-5baa-9fd1-ffa0bf6d35e2", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:501f325a-bc1d-54ed-8317-43c5097ade3d", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22b6eb34-c998-518b-817f-c9faa487490b", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6133d9f-8473-5fb9-844b-d3e6c031c7f4", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b77c424-0a69-56bc-bf28-d5be42588133", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56b3a657-f993-5a58-b9b0-b746c7e21f31", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f12e565-0c55-584b-9a3e-e530508c7f05", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:apache-cxf 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29a6185f-b5fb-568f-a86e-c795219e529f", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff25d108-050f-5697-b6e0-dc32e79744ac", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f29da4a5-1c44-5517-9de3-a71c3a45e68b", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34d5fe52-8d07-5e2f-8c8c-7fc43e5b4188", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c680612e-92f3-5b95-b278-b21c12351def", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5c0e038-7bb7-5097-ba62-aad8421a95e1", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dda742ce-5a41-56b8-a55d-619426b871ba", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cfbe7a97-6c0a-580e-a8aa-8482474b752d", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d8f21c2-3cbe-5adf-a09b-6b57b0428c9d", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:apache-cxf 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d34fa45e-4165-5d50-8ee4-8ed941bb7acc", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:35a4d607-fe7c-5474-a00e-b1eab2a8f4a7", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:68e07402-aafc-5004-8894-2243443406de", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:862e7dda-85b7-5f4a-8cdd-a0f80b0d63f4", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:apache-cxf 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02d0117f-acba-510c-bb69-56249cbe3152", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7cbebb89-319d-521c-8d25-42f1f3a86a46", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28b7a2c4-3555-58d1-bee4-fafccd462cbd", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29130360-436c-5fa7-bddc-b9f8a2b34aa3", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.2" } ] }