{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a19f647a-a6fe-5345-8831-5eb34b0b5514", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf", "name": "cxf-bom", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2bc74793-a26b-5cdc-85fe-69b39b449439", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83c40b4b-ef19-58c4-b6f5-4f9d0a682157", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0069fab0-7eb0-5fe9-8fa2-426293284360", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f37fadb-8e79-5be1-aedd-feb3d20ce6d1", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:25f380f2-7932-5b12-8887-6eae81813306", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17173558-b6ba-523e-8c6f-ef0759d2b39d", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e4091ac-ec30-57bd-8d9e-3de4ec2c0874", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ea80239-b768-523d-8fd7-ac38abc3b89a", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e59d3aa-f328-5b90-9be8-9cef46b629a1", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0ac4238-7025-58a0-bee5-8866e4cc60a8", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cee89b8b-8f86-5aab-a8e2-bdfa2fb5e3a3", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b9db99e-4739-56c4-8133-3fb37125efde", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf9fecd2-a4d8-5d83-970e-46c0f94c992d", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a49edd9-e4fb-56d4-8316-34bac3461af8", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8c1a4b9-9b68-5906-aa15-8dcc61783729", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f58e7293-1b80-5c76-a95f-6f669acf5e59", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e5b9321-224d-5782-a95d-4c2189c8b522", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-bom 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:802745cc-aad3-5cd9-a09a-2f92189cf995", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a6b0d07-1509-55b9-8704-e6a6783f4327", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:546a4f9e-2096-5ace-afe6-96b865bf011b", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28e86363-5eaf-54f9-ac5a-481d41896f36", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71749d89-7c19-5f42-bca6-b7bca0cdfa02", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9a91ad7-b8fd-5b83-9110-310144375d25", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d7e3df8-de5c-5876-984f-2f36c45453d3", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04d84b64-b64a-5c85-ba8a-7ce0974de71e", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad7c9b38-cda9-572a-bcfc-34119a82af32", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-bom 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c8b6a54-76cc-5fd1-8ba2-badef8b0565a", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54f021f4-4e0e-588b-928b-2f1244d7bc49", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e47eaaf9-b8f1-506e-8f50-a939f8d192b0", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3de11358-e397-5c0b-bb6e-c4e6816a4fc9", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-bom 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6117e95a-a27d-5a0d-b489-456b5040f88c", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1acc63ca-04f1-5645-8c4e-3b561b62cf2e", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eee2dfd4-84f9-5d51-8076-83e7d5e795e0", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a9f846a-1020-5764-b039-d91588f1c167", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-bom@3.5.9.tuxcare.1" } ] }