{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f2f48c06-8837-5c1e-8068-5873fecf932e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf", "name": "apache-cxf", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1cba1e78-9db3-519a-92f9-9076ec774ba7", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:01335e55-7e28-5a22-b4e5-4388e0f05937", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:07265947-66ce-5729-9fe3-39e44078b3b9", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c821170d-ee77-5347-9298-7cf52db90571", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cdc729f2-a68f-5a4d-9e97-b801ecf65b5c", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a2660cf9-72bb-535c-b99b-1c1cae0638a1", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0ac6ac14-031c-51c0-8864-5126b8991611", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0c2514f0-0edb-57c2-b1bb-098181685d0b", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5c112554-55d3-5909-a29f-43b3ab02102a", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6164458a-fb0e-565f-9a35-f0a6351ceb20", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74bf9aac-0f1a-52e6-8ae9-2f0fec4c68ac", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a4012d9-7956-53d0-9cdc-a9f6e3c00dbb", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3ddb91df-226a-52c5-9b3a-d950c87ce4d0", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b3f81a54-743c-5c60-8d99-2fb001cee01e", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f5288cb5-808b-54d7-8131-f7489479500a", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cccd6026-1303-5e59-8fdb-94f2b97538c3", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c73a527a-1602-5ea6-9416-43b15d1c3a67", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:apache-cxf 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:944aee07-6b49-5eee-a487-ae2991afd2c8", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:87792b4c-8c56-5330-bc08-9eaba7c32886", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ce6e6867-9514-5a14-8c26-ca388841ed20", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:002a87d9-9d39-54b2-98d7-924ef402104e", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ac08d0e0-471e-580f-bc14-9703d213c4f3", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4fc25157-4a56-5fad-88df-62e09a6560e1", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e9aba46-8945-5262-8a7a-d12db57beb74", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03b93cce-aad1-53cd-b86a-4b47e328f45c", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:00c2cc22-4fb8-55c4-b65b-1118bf1a9851", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:apache-cxf 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eb50727b-0ee3-53e3-b983-3741c1f9697d", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:46611dde-4894-59a2-b1ce-4d86bc96b969", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1ad4da62-b1ce-56e3-ae95-9e208caf477c", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5ca0dd7-aba7-5f26-9c60-e9f65658c4ac", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:apache-cxf 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8480a552-aab6-5591-be4d-607db60aa7be", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbabf3c2-96ba-5992-aa7f-f63d5a4264ae", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e4b3e4b6-e1e7-5726-bdec-a24b0cdae1ca", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3c5a37bb-d03d-5282-89b8-e70e21c2d4ec", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.4" } ] }