{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fe21ce7c-ce10-5ff2-8620-b3f87d35d936", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf", "name": "cxf-java2ws-plugin", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:40125bae-0183-513a-83e9-63dacd698151", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d247af5c-1150-54fd-9d27-d41a326c31eb", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6b86d42-7473-5eea-b171-ce16628f8149", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c320bea6-d7f1-5543-9691-c99a82571ee4", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f85cfc4c-ddf3-5215-813f-81157476931b", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f40049c9-883b-51e2-a8e4-2538aa08fd78", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1418beb-ad7a-56ab-9238-c58db393786b", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00fd00c9-1066-5fb1-8b05-b187d7131e75", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94684e8e-4752-5d4a-b145-a5e382729ae9", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8526c9bc-f460-51bc-baf9-08bf594bfb64", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ada7583f-f18f-513d-a20b-b86c8cd43a9c", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68858a59-f639-507b-ac6a-2be2c2fc2e30", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce5b28e0-1d58-5c37-aebd-4387019c4def", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4eda7b08-34fa-5044-b17e-dd1a0cc88b10", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a5c34695-1126-5efb-9fad-056e9dca1595", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca195a68-97a4-5aac-89de-692f72243e4f", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1049fafc-cf35-57c3-a81d-5c9b5e3dda12", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-java2ws-plugin 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b88805a8-8397-5e94-afbd-58ff426298ae", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b0fc651-4af9-522e-abf7-40cec321f2b4", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62d3bf4f-b841-58c1-bb9a-b8f095be0bd2", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76fa5da6-284b-5dee-b84e-7312059b7d95", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86ad9b07-e006-5f71-bff2-f36bb3faeb12", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:873e26c1-1f31-57ac-9f10-eb978301e336", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1787a2d7-716f-5286-9b99-c8220356fec1", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4851ffb-7d95-57dd-8624-229049f8763f", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4069c076-d362-5078-acd8-a7d47553aa8d", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-java2ws-plugin 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76bccf12-032d-5f11-acf2-0dc74a720540", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72fda046-564f-5b0b-be78-a37c84bd3af8", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d22788ce-36ba-55c9-b5a4-118bb0a09de1", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db534b13-7f3d-52d5-b1b1-319aad1227d0", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-java2ws-plugin 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e5c196d-7f78-51be-8eb0-38b1edd94a44", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f13366e-38a4-5b8e-9e7c-8ede67718fdf", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bed822bd-2fac-59c4-a457-0236be141056", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bd73dcc-7d13-53f8-b415-7a344d9a628e", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-java2ws-plugin." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-java2ws-plugin@3.5.9.tuxcare.1" } ] }