{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bd7186da-f55c-5124-bcd0-8ac50842e09b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf", "name": "cxf-osgi", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2e525784-2c47-5dc5-92b0-2694c3c9e754", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6fe4b729-ea69-599b-b567-e544c24b2bf3", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ebe27666-912a-5eb1-b161-4169751f3663", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6a769e65-26cd-5139-9e8a-db1816b4da4f", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:298af909-fcd6-50e1-a087-3ee63d13a31d", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bb5493bd-edb5-590e-88cb-fa03c2c06fb0", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b13b96d1-cbe2-53d7-aa4f-90b0c27b5075", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d59b4859-66be-55f4-a6da-891f9a46f431", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0797f292-cd5d-51d6-b9fb-d286a8314d7c", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5c91a475-0c99-5c30-ba75-4bc95c27cc1b", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:182aee0a-ac97-541e-9f8b-36989da2f891", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7ca55839-9611-536d-b8f0-7d25a564bce4", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32650b8b-6e96-5906-a0bf-09da52113c25", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd9292e3-4d93-5e06-998d-225dae255986", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:492f2635-c159-5840-80c9-9ad268c7dd8a", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bad2b3c5-68ee-51c2-8804-9ff2f3ec04d4", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25c123f1-c2a1-5e16-b684-7c9e221e4ac9", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-osgi 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69060e68-34dc-5e3a-8ab3-80d6d4bda0bd", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e89d91b5-b24e-5f5d-a326-41d575579e56", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2291aa37-b5ef-5b7a-ab3e-0644f4bcf9b1", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:980e34df-ebcd-584c-94e1-4c40811886bd", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:952a560b-fb1a-517f-a246-0de4f7cce737", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4933b5dc-760d-598c-94bd-0db9bcb9c742", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:18125f30-b52c-5b61-b324-fc53e499602c", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:629bfffb-e9ea-5645-843e-e6a4c01d4365", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3261567c-5ee3-5d36-958c-0e7442ec6b23", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-osgi 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b2b044c9-475b-5d97-8992-1fcabf4af747", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fd4f09a1-c5d1-5513-af04-b55f53f2a48c", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d25f9f60-51fe-5ab4-9053-3fc166e573d7", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:724849f8-8a30-5b5f-adcb-fcb213512280", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-osgi 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65329225-5576-5844-91f7-58d75be004b8", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:50012445-4724-59d2-9582-fe217368630c", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:13052157-a192-50d5-abb3-9cca99147c1a", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1148462c-3a6f-511a-90ee-1ccc5005dc8e", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.4" } ] }