{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1c1e9fdf-2382-5153-a224-fb6552fb19be", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf", "name": "apache-cxf", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a57bfbfa-456f-5b64-84bd-8996ad2c7b45", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d2caa0d3-40df-51e7-a851-3e06b033c934", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d18c2742-51c8-5185-9fd9-8032e20d3522", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00fb584f-cbc8-5e94-9645-e2e8a3f75507", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4559160c-0ab9-59f6-8cce-08f0a7e4fd65", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a95b22c7-7f68-5663-a8e9-92f907b9bcd4", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0af72348-d30b-5848-b8be-3416f57ba74e", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:952bca38-3fb3-5490-8717-a928d48c2371", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd5cbb06-fb1e-5480-80a5-de952bc4818e", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a160b506-35ca-5eaa-9b15-688e46b1d77d", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ecea2213-f4da-51af-a863-de2079e902c8", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0379ec72-f641-53d7-b9bd-925f43cb4536", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:187d17e6-ba59-5e3a-8337-b2c20748921f", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:517782fa-2c63-510e-96d1-9871f74d883e", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c970362-5a18-532e-a519-2a1e36abdbdb", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb09153f-7f23-5653-83ee-7c8b1ada1076", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b16d6903-36ec-5ef7-a61e-b61b2867c8f8", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:apache-cxf 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c83348e-aabc-54c3-a4bd-63546e71760a", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a1a03ba2-3f65-5bce-b84d-6142565b7a08", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:11b4e62d-45a3-54a2-96ed-50724103913c", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca25f6e2-ffe9-563a-85d1-777f2b233d0c", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:777bafa2-d540-5425-8857-7a1e329d5ee6", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:87a5b6b9-2aca-5aec-9869-41f22f567b1e", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc432564-abab-5391-9fd4-b5ca224856a8", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9eedeac-98b7-5c33-94f6-6ed1548b9b47", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d0c6495-ed49-540d-94f4-9b11d960b44b", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:apache-cxf 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74f80dbe-5b8c-50a6-8890-c2ad949d9578", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f9afb622-8601-59b3-af9a-7e4af4c53dc5", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b14424d1-c587-5a6b-a533-a20505196f91", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0732f31-4ca9-5191-97ac-1d9e4d830a40", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:apache-cxf 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6e51e72c-cd07-5b76-8366-8c069b0c7dae", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cacb6380-5f32-551e-a9d5-68c81a05d877", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:609eb280-df86-501c-9d03-9fb0706c60d7", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:362b4052-49fe-5bd9-a4d7-7ddb78ada01d", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.3" } ] }