{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:abad20cf-3438-5a11-ba0f-8e2ee13a499d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf", "name": "cxf-core", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8cb744cb-09a8-5a00-8e5c-4ec69f8252ed", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:55d3aec3-8c62-5767-a633-b0b9e43cc5ad", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:54f2abe2-80aa-56a6-b06c-d8a91dc72f42", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:93d29999-f267-54ca-9534-482e02a593e2", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fcf8f3b2-3d12-5798-aa59-6d2caeea89ff", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:071573cc-d9d7-5983-a04f-1a599b73f37d", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39705a01-35ae-5edd-ae7e-da52969d6a52", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:00dedb35-5704-5354-92d9-d2d777153c53", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cd7dcc95-d31d-52ff-9522-8c56a54c39b2", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:09f35472-6496-5cfe-9f5b-622267e4dc95", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:146083ee-75a3-59a3-83c5-7e7c87fbc972", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ef83c70f-06be-5f7c-92fb-cfeaf0049693", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a487df41-c392-5526-85d0-09c94537ddc0", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f34ff40a-9d9b-5d8f-a21c-3608fd05466f", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:52670dab-45e5-53a2-92ba-7e2ac3869ec9", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb0fb0a8-4307-5677-be4f-45980d528014", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:22ef2219-0670-527b-ae73-a37d01ac4976", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-core 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8504b174-c477-53e3-a56f-ded18a2bc2c9", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:46957f4d-3c76-5178-8822-ca032a94cf3b", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a0fa49c3-2603-5995-a49f-dbc352fd313a", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ed9da89-ac4d-5344-a4ce-2d511c09795b", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25afddfa-28d9-591c-9ce5-3c148567c50b", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d47ebfa-74fa-512e-a575-8fe8a90ee6f6", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1875331f-ac90-5640-9dc8-58121bf3eacd", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:825aa8d2-8236-505d-b737-96a65001b32d", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6d396c76-4795-5ecf-9e3e-04d70f965f15", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-core 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:844ea8c6-d7fa-55c5-92fb-09c454f706f9", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:125f4a9b-e05d-519c-bc7d-25b52c7df9dc", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53ed7133-f064-53d7-9b03-4486dc60676b", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ffa6698a-3087-5b44-b3ef-2dba14784fac", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-core 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:99f2ba42-3ca8-50a1-997f-723fe4063695", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b907cd8e-b51e-5d75-8951-27a54b1b27c1", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3e32c89-60a4-5348-91c8-bf42bb9a03a4", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5c203362-2b98-590e-a286-d485f61e427e", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-core." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-core@3.5.9-tuxcare.4" } ] }