{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:21d74b83-dad1-5e97-9301-c82fbd6bce9a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf", "name": "cxf-java2ws-plugin", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c3c95807-0d72-5518-8867-054d2101d6de", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6394a660-aea7-5b7f-9258-9cb672764f79", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8e9fbdf-dd58-5a31-a11a-31d88f22263d", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:99009ff2-6f3f-5037-abfc-ff677dd54dd9", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b7d2f157-ceef-5f2e-b44d-096f9956dda9", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39f9b328-58d9-5c8c-ba3b-05ebe3bb53f1", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b53317a4-dfaa-567a-b888-e0f2d723ff99", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:abc18518-1a16-5090-8a18-a02d7bad9a34", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:11bacc59-d932-59f8-b23d-e9cfc614e963", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff367454-2291-5c46-a186-bab37d9430a5", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9db29696-075e-5b9d-8578-75e41c7e0358", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b191a68c-8eb4-572c-92b2-2586373fa650", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:30b22c5d-5bca-5190-88ca-9c3b7f43e02c", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ab4c8443-8b53-5138-8703-677393278ac1", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8dcbdd6-9b2f-52bc-bdb6-6286777ad7f8", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c48a8526-c8be-5a04-885c-f71d0c8937eb", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:04f99941-90d6-5d7a-b14b-0cafee69593d", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-java2ws-plugin 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6406bb47-7a7f-5824-b8e7-e8ab4e874e37", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:50fcdf69-63e8-5052-a57b-7e8c6ca475ed", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6e0d5f68-ae0f-5e24-878e-138293e83313", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:10307a9c-e1ac-5638-b2e5-0158379187f8", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:38355fc7-837b-5e0a-8fa9-16573a90e3c2", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8572d8f6-66c1-587a-968d-f76b0fabfd23", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d47ebbb5-a8af-5027-a760-353c8dd293f6", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e3042306-af13-55b1-a4e2-cb6d6cac93f0", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:82dc102e-9996-5d91-a59f-03cd39000287", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-java2ws-plugin 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26ff09f9-fde0-5075-9d7e-00a0736dc823", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:84c6708d-97f3-54fa-8767-6197b31e7674", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bc838980-7663-5d3f-8940-4a71b9ab61bf", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5aeabe6d-574c-5176-9721-b3bf51e936b2", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-java2ws-plugin 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6d26533b-2361-57cd-b9e9-ef973d003442", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f448d026-e83b-5f1a-93dd-e6a813c6bf3c", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2cec9e88-67d6-5785-bd02-edfe6636f00c", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a2135e42-2369-50aa-8542-4de9a725f35a", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9-tuxcare.4" } ] }