{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:487e3544-cca3-511d-bec7-c89babbcde1d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-distribution-javadoc", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7524850d-8b87-56a4-80c9-344ad2406925", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f929282-7468-572e-90e1-4fee0202a05f", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af0221e3-74fd-52c8-8824-bf85a18cc411", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34a4da99-ee91-5240-8424-f7a8f40a7f40", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef337af8-e500-585e-bd69-d5b4ae32a08e", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc2e01d8-0ba8-5dc0-aff9-dd8394390d59", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f439367d-0d1e-50e9-b9a0-dad19e868591", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f0ac39a8-2643-5ad3-b051-a00027d3a656", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ce4cf16-a152-52d4-bcdd-c35b4cab10ad", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3ee1193-c654-5d87-b8e9-3c9e1972c6d7", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21bfc1e1-31f4-5b81-911f-6327a1ef6bde", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:231e8efc-20d3-5189-9243-2459b77b65dd", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de6b4c02-43fc-5957-958c-4f60c13163f8", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcc0bf1d-ec13-5278-822e-692128acce4f", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14b1496d-e926-5c33-aefa-e4d8775115b2", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:803f90c7-2cbe-5d66-b03f-29224e793eec", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5986ce42-fb19-50f4-9908-88aaca50c11e", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-distribution-javadoc 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:61969917-f7e0-590f-a1de-9a95bfb06362", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d22cffb-09bc-5cd0-90b2-750df9a5831f", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad9a109a-550b-5210-8a12-5a6dca91dc69", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cfe49a6c-1eea-5ca0-8857-45ef66d31d77", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e90ba242-4f5a-558b-9599-53c7b9f6ec57", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2194bc2f-a729-55a2-81bf-747e534c7caf", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b6789e13-567e-57da-96e3-34c783d1a0c8", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a58ad5c4-d2bc-5704-ae01-bb816eac1474", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2f3b6b3-af76-5aba-9f75-085a5dba3b06", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-distribution-javadoc 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48529874-b03a-572a-b012-45ea5abc3937", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c669e776-47db-54cd-8365-1927d963103d", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e8d85de-3fc9-50ca-9161-b9c8204a5601", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2c13ae9-df17-53c1-80e0-90d204107613", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-distribution-javadoc 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26adc528-a435-5919-a780-53413c2d3ca3", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9c881b9-41e0-5cb7-8fe3-cd1c66b63495", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8510da9-ac76-502e-a151-3930353be81f", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e42804d-1931-58a2-94b9-7da785ec9070", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-distribution-javadoc." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-distribution-javadoc@3.5.9-tuxcare.2" } ] }