{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:87eb0890-fb79-5952-88f3-d78a6c29ea1d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf", "name": "apache-cxf", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e4bb9ef8-53d1-5cbe-ab06-70ae121e6c46", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5001dd5d-4650-594d-ab8b-d7d08e7a52a4", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:692ab140-183f-5b79-8bb4-ae21e1126fc9", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:708dd866-e59c-5970-bdd6-4aeb44cc0b5a", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b10d53e-87ae-5066-9011-95309d6639e7", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3dcb88d6-ecef-50d1-b02f-59ed5729464e", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11927df8-d6d8-5187-a801-bb702d16f127", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08a10c1a-2357-50d9-8477-97ee4e302d6a", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de4bf4ee-cb3e-5667-961f-90aef46aed88", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69e5c4e9-2c75-5e24-97ca-ef71efe48ac4", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2098684d-f8c4-52a8-9b63-c72dc8e143dd", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ffa9cb4-a3c3-5b6e-a727-4af481bb5aa9", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2b5dd79-8c9d-59c7-a871-cd1802d63452", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b87b352-53a3-5b5d-a2b1-bb5e3700aefe", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35f5c48f-45e2-5bf3-8e0b-604bb3ac97b9", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5dd254a-c5eb-5b99-8886-7610898f92f7", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c758dd0-4012-5d90-bf7b-7d15f53277fe", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:apache-cxf 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c4fecc8-e9ac-56e1-83c7-2a10a1e637f2", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54a0c891-86ad-54ad-b3a3-76a798b1b730", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1bdd768-3af2-5493-9e53-01864542d1e3", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b2bfcea-2af6-59c5-9a17-7477a5c02867", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e030f42c-3ade-5d05-8351-cab0b97ab815", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9127afb-8931-573b-9522-47a9f57572a0", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4cffa894-14c1-5860-a94c-9b6f23483cd7", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3dbda08-977f-58e0-a447-5d96ee2babf3", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8b4ed19-838d-54c5-944f-4d95a1cd172a", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:apache-cxf 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa49bef1-e40a-5df2-a98a-f9bbc7d6d19b", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88f31030-8292-5c3b-87a3-b123050e2b53", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66272e9d-4c70-52ab-b7c2-1098608aae0e", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f46b27d-f8ff-5cca-b504-7794b41e1f88", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:apache-cxf 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b29d7dec-b1df-5520-87c1-f4ef18e57d10", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9e5e0d4-9751-56ea-aae1-d57f40e64f2d", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:318e80c7-3f31-5491-bfe8-d98e69c5cbf3", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13f2c298-bacf-56cf-b546-b15c96aa70ce", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9.tuxcare.1" } ] }