{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:108cdcc3-b457-5bbd-83e7-c14eaaecd1c7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3", "type": "library", "group": "org.apache.cxf", "name": "cxf-osgi", "version": "3.5.11-tuxcare.3", "purl": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a69485ed-c2e4-5295-a127-b5cedc4541d5", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16c196db-105f-59d9-be92-6f20c737a8bd", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:482505ff-ba73-5138-a7b8-a0dbdfa7c9ad", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9f75e7b-a1bf-5826-b883-1f20b6d81d3b", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:36f725ab-32c1-575d-a6c3-d53060143862", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2afabb49-1f1c-5578-b364-158ca34f93c9", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:286eaecc-b6c4-58ae-b54c-f213cfd9535d", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00be5d8b-5dce-57d1-b590-6313bb34c46d", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c1a83bb9-b9f9-5f5e-a180-848e4da3d248", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aca5906c-0fec-5749-a027-eb8d39b067f0", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f751d453-f4b1-5d40-ba40-9e9143d08198", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0381940e-23fb-50c2-8728-cf46c92c6742", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e73bee03-4e75-5461-b88f-e6500234b6eb", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:785651bc-4249-5749-a868-c922c73d8efb", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:27e2d8dc-8f7f-5e63-b439-ac5f4dcd930c", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:24fb27b6-9dab-56ea-bb40-a15f7c00f9af", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b2499d55-493c-5dd3-bb87-47ce2629ea01", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0be1c97e-4a4d-56db-b521-b261852b8204", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ac510835-8eaf-5475-b98e-1270a56c7588", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3baa774c-c8ec-52e9-ba1c-fb5eefb89fb5", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:48a46f28-dcaf-54f1-94c9-e38a87733e78", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b9785d03-d922-519d-aeb7-3d575b35783a", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3bcbf1bb-9883-5f8d-93c8-5c2a08524eab", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffe04242-6e80-5dc0-83b3-f08f221a917d", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fb68d208-4a39-5d69-8491-acf566d5a4da", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:485731fe-fe47-5360-931d-05664546bfd8", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-osgi 3.5.11-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:96f2f97e-cc5b-556d-9b1a-d8e6267db345", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a10c139b-a4e2-5b62-9a7e-1ae14fff6a75", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf:cxf-osgi 3.5.11-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc54d798-4fd3-5003-bace-26260159c9ed", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:386b18e4-7d3d-58c7-9d28-f93e572c387b", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-osgi 3.5.11-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32fe9c24-029d-55ed-b582-2fbcfc9b6260", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:befe75f4-951f-5b4e-bfbc-ad23323e21b7", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.11-tuxcare.3" } ] }