{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:98a2ab24-e049-5f88-b904-3c66a0ab5dbb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf", "name": "cxf-core", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a96582c7-ec58-59d6-89d6-43e8b1c3d037", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:265ceff2-25a8-5d1f-9c91-f9023a5d3bb5", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6e8c1ff2-705a-5314-a749-1dfaba5d1938", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:594fd655-f234-5f41-8e9e-1244799bceef", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e78a3d0d-fd06-5cff-bb87-a85d634bc8f3", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce797fb3-d7c2-5e57-9251-cfa4da80a521", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9b7fe46-5e72-502d-8604-86fa32ad23ed", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f17a4750-e2a9-545b-aa45-1303b27ba2bb", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d6ecb82-9819-5426-b095-83e051a32486", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:57189bcd-59e9-596a-8e89-395ab0d1ba00", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:618f7996-e045-5ac8-85d7-5c5301bee3dc", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8bcc4f7-47d2-5d1b-b42b-42cc8755afed", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51fcd6f0-6924-5c61-8b36-ef1dc465d9bf", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6fb19411-0248-5ea6-8b4c-ead7f15d0272", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae62e990-cfee-541c-8026-e022bc1b412f", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:adde2603-ad2e-510b-b17e-e947d63cd698", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:29a309bd-3dfe-5f1a-8457-cf850f2122ae", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-core 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d2888058-a3c4-54c0-8de7-29922fd3ba7f", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fae6cca6-2383-5691-b3d7-5fc73a9138fd", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3807e0c-3d64-5411-863d-136b900de1ea", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9823081a-77bc-5539-854d-3ed9e90ee7ea", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e0f3bc16-7e28-5541-bf02-e59517a60209", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dd0b48ae-40ef-5c3d-87b6-c317cb085ecd", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a6f37db4-7d3d-5893-ba11-574f2c1359bc", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f94e940e-9828-559e-92f3-e2ddaf9ac913", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9bbac89e-c5b7-5ca8-8015-4c376b735f93", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-core 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ea937b6-9f6e-5913-828b-01ec611c8edb", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47ffaef8-4a54-59d9-be53-97ac304f53b2", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f70fcf62-cbde-578a-8834-e319c7d5af6a", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:46b2d569-29ed-5359-b449-960fc99f8b13", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-core 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:98015b63-a36e-5788-9306-c6037f1febbf", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e1576c8-7f8e-5473-8b8a-220741101b45", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0a7c3f9-e257-5d55-b4a3-93ca7b00425c", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:643b5714-ec1c-51f1-b286-2ce3a9c13756", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.3" } ] }