{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:47200b32-0bef-5a00-a0f4-a53297f22bdd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-bom", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f6ea502a-1951-5316-816a-56163bd57f49", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5fc761b-6a52-5a8f-8b20-5be8e749ea81", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c8a9867-f8b8-5fa6-b6ff-101268d8a924", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7373d75-92a7-593a-a5c9-0dfdfa5767c7", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fedf970f-61e3-5b96-ab4b-11497afb02a8", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4f3b719-7e1c-53ab-8fe4-f573a662f9c8", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3b1351e-3f56-5aa1-a3d0-0321df95c0b9", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8295e65e-33d7-52be-8072-0bba58af10c5", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b46dee2f-2f0a-5f7b-84de-326cdf33a3e3", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e0a9c8a-76c7-574e-b2d5-fb0028cde511", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89bc9c2e-d6a1-5f99-bc03-fe41be51e630", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b33f1866-4877-57a1-b22e-2437f102e261", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e68cf6ff-9fd5-5f61-8b59-cea4fad166e2", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2d52917-5661-58e9-aab7-a79023fe2334", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8f941c0-f70f-53f1-bbe2-d44c0602f3fe", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:348233ff-7511-5cb6-9de0-8116d663a456", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16c42cb7-606a-564f-b600-df4cd014c96c", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-bom 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de97a5c2-1ef2-5912-8dc9-f9c34b64d26a", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83762c8a-6dcf-5ca7-b566-926a0c9566e5", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8ffe420-d252-589a-98ce-1ed2dc8c9ad6", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c11e2cf-c40b-58c3-80ea-67209fd15c1b", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ef795dd-5af2-5b00-858a-882777fd3745", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0aa01421-10cd-5cae-9d26-bc6b3fa22407", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cda00545-5232-5449-b2b9-978223e52cfe", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be48d28f-1a5f-53dd-b64b-93867fa27512", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7b67703-81c6-543c-875f-8a136b9ebdad", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-bom 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7344d81f-8d89-56f2-89c1-cbd653e62e03", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ac7b9e0-2776-50fa-afa0-cba08b6fbd52", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e2b7601-ac9d-5f64-ae7a-d6f4fb1d7bcb", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb546982-7b94-5345-a9f6-2c8a26b14945", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-bom 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8548cc18-8db2-557c-838d-f52676c911ee", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0de6c308-c36b-5c8d-823c-2202f8523a50", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bacd95a1-92a4-599a-8f45-e1896547ec44", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99aed8fb-4625-5bea-b87b-10bc66804af0", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9-tuxcare.2" } ] }