{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:907e5b87-2b4e-5c24-b286-94a9289c85d9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf", "name": "cxf-repository", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:34445d44-726e-5331-b951-6a1ac2c98b4c", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f664db0-2a0d-5775-821a-cc7da731d7f8", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f29dd58-780f-575e-8e31-7601c2003313", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed8f2abb-cfe2-5ff9-9ae7-e511ff8477f0", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8bcf695-18dd-5c8c-a94b-2ec078276a62", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd729107-cbde-5397-b2a8-1f9e872a2c66", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00e3770a-48e3-513e-ad45-eea11d2ce096", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84a242a8-a66a-5de2-bac0-fb8367ec4364", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0249cf1e-fce5-5356-bf3d-2d5ed90770c3", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e96c3c7b-4920-587f-8f45-c33a6c7b1639", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b96aee4c-797f-5b13-9d9e-dc153931393b", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92d3f291-5733-5dc1-9ee7-e18eeefb7486", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e91701a5-d585-5414-ae8c-547e67ca3170", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af5db247-eb1d-52ab-8db2-8eee2dd3452f", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae585806-636e-51be-9daa-620c1e5f86eb", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf7e2af7-ce89-5532-b724-23d96eab82df", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b0900c0-63ed-5c2a-aad4-14663eb63dca", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-repository 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3ee442a-913e-56dc-877e-284ee9a0ed94", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b752b5cd-95a2-55c0-b56e-b9a121dc8a20", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77c41f3d-888c-51d8-a5ba-0134c52f2a4f", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:53a3205c-58db-5224-857b-f6a8a38974c9", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd2e7050-c44e-5788-b3b9-50a6dbac1a12", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:983b71c2-7d1e-5c30-b426-255707a08083", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:55f564ab-655b-5d35-82d7-b8a63f7a6ed1", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22252349-5484-5489-8565-c9d962ca4480", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54a5d3a8-7348-5ccb-8be8-41952e2bb1b6", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-repository 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee4dc383-cec8-5b2d-b68a-6c7652211891", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:55242955-ac85-5356-a559-cfa6c2e623f1", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc8af25f-a901-5ae6-84fe-8e4e46bc9f8c", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b88e0d7-1832-5814-a03b-0d70dcc9d1d8", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-repository 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f33eb12-9b03-525f-96b3-c235027c20ad", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0273b74-e1b6-5931-bd01-f35d37cb39e9", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:618e99f2-8b00-5b63-9185-23ca4e4d2f34", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee0049fb-2008-5688-9cd4-13ddf0ef9ef6", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-repository." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-repository@3.5.9.tuxcare.1" } ] }