{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e0f00b3d-205e-52e4-937a-f72c32b82ccc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-repository", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:058a562b-b4cc-5c4c-b949-efc9cfcbbc6d", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d286df87-057d-5f15-ad97-a0a8497a86b2", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cdabbe37-8f79-5cb9-9b62-b9fca50835b7", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:973b9419-f0ed-58b1-80bb-3c762307209c", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee844246-fb93-577b-aa9b-90eb519f7ec6", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cc9ab70-0360-5bc3-acda-da0576bc634e", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48a723c0-d1da-5100-b3de-813460a02e02", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b82b6fa-2711-5b4a-b3c1-f2f2739a4c3b", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fbddf224-8aae-5721-8346-2b94fb69a25f", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e1713cc-04e4-5681-b044-08dd51946992", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb5bc206-fbef-5fe9-b99c-fbe0d364ca3d", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aef7bfcf-1629-524b-ad77-34f727661bef", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:839e384c-d742-5e03-bfcc-b8b7c2259668", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:300e3acc-022d-5f8e-b132-8eaba76b6cc1", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c494361-9dc6-5947-92df-c1cf977ed155", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae4e3a25-7217-5b09-bfed-a07bcb3176a4", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8fe8c1a-49d5-5877-8a8a-f8089b7f4f3b", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-repository 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6058a34e-31d7-5f71-a00e-e36d4bf56f1d", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63b80b3c-da7d-54a5-bc14-e4353da4aaa3", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:41499790-0b01-5752-ad95-6b0e065be834", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6755b0f3-2770-5547-9258-992c0fe52376", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd49c7de-af77-536a-a4c0-e51182a3ca19", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6229db7-0d94-5ec4-8867-fe52659dadde", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3634993c-1891-5463-bc9b-603476d076e0", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85df1cad-d0e4-592d-af32-3a8aa7f8cc29", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c88e5c89-2417-5767-8c8e-cec04dc84a00", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-repository 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e6a5927-8b1f-5f47-a86c-c79c5b532f42", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:daa86c07-9099-5fdb-bdf1-ffa4444af3df", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44502e81-c145-5a65-8fa5-b5b270c2d7c9", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ab59711-3fff-5ec5-9720-32d53343eac2", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-repository 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0609889f-c47c-5389-8ca5-6595140e2575", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54cec601-4de6-53ca-86a4-996e39428f6e", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf586d2b-aef9-5a0d-8dc3-ebb9c1d8064e", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a20fd52-00cd-5b40-a31e-4840c96d5c93", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9-tuxcare.2" } ] }