{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0bd0a400-5afe-52e8-9353-85e9eb8dd118", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf", "name": "cxf-osgi", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b23ca775-bc7f-5407-b722-280bc4b5e451", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:324afccc-a9ed-5051-afb8-c8b6662270d7", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e88f290-bb56-5975-9ac4-3fb9d1f50489", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e5233a4d-0be1-53b0-8b8f-5584f7f61880", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6d9a32f1-63d5-5d38-9cdf-6d7214d3bf2d", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:055357f8-8323-5adc-ac43-a5cf93fe8f50", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7f5d35fa-fc11-53cf-98b1-75264a2d9ab2", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:caf4dd69-cd44-58bd-a8cb-c9a2166d0bf3", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efa990fa-3a70-55b2-b729-944862c5ccf7", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:daa7ad85-718e-56cc-94ab-e31002d00a88", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8b5e1e6-ed27-5933-a810-8e45f1a25832", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6886c22e-da45-5291-8de9-5e9e75f9fc2b", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ab7b73f-bd27-5938-85bf-7692d430b25b", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:71dbc86e-1eb6-57c2-b10f-0a85681286fb", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c6fb614-ce2b-5c42-945a-96369a6a97ee", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fdff2c5b-5f97-526c-91a6-2503450827ab", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:469c3ff4-7f19-583e-8065-68b7343e89ab", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-osgi 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:414af1cd-5e5e-59d1-a5ee-43bfa42e74c0", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca419b6f-90b4-5279-94e2-3194970fa1f2", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8bc6bb60-559f-55f5-aeb6-402dbfb0f15a", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc9aa120-ab5e-55b6-81d6-ca256fdae399", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1b6ed4c3-24e8-5b87-bf29-53a8f4519f0a", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a94ea642-ce13-5663-bd18-3052771f357d", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8bbf0281-e18b-5e7d-bf85-8aec2b8aa4aa", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05fa041d-cb99-5861-9423-e0959312b059", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:743aa991-145c-5d40-9f4a-4329da3934b3", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-osgi 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ba808d6-0e6c-5300-9599-a6ec24b28033", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:756eeda9-7291-5901-8b7b-714a03cdd23c", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:63a8d329-59ad-5ed9-8364-6e7e90c91dee", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1455c9f6-63c6-5a9e-b757-24bbd148977e", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-osgi 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3110b98-ea60-5856-ba20-80e34634647f", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95b6b4dc-3f75-512c-8191-c31864617d84", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7a90b5a-c14a-53f7-ab48-71b4bc0c7a83", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aeefa254-0ca0-5068-9c01-ee2248d82e74", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.3" } ] }