{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7f0316aa-34d6-5048-b781-e9f9c111d2b4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-databinding-aegis", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:365f6fc2-0b10-5a01-b150-5e48ea10a5a0", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85f01135-8008-5c9c-aa9b-e9da634ee3ed", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfcb5463-554c-560a-91ac-f14da652b2ff", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75b2431d-0925-50c1-b632-20b0adc1be65", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f9eb9d7-0758-54d3-a026-8b01cea6503e", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5059db60-c6c5-5318-b34e-5817fbaa8d06", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83ac9f9f-4b25-5dfb-9e6b-5d5feb3a66fa", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6960ccec-00ac-51f7-a5ec-4b0317b34de7", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee3e024f-f0fc-59d0-a9f2-f2d177371730", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce5e47db-54a2-5367-a36a-c66c76555e0b", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:055a5ec7-2df3-52db-b5db-7e87d049d34a", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60d2ffe3-97d8-51b3-8b56-5791240bce00", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92e30ff5-06e9-5fb2-85a5-1b817ff06f3c", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f0bf7cf6-330f-5e54-be60-a6cfecab369b", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10c294a8-3e3e-56d7-aa53-65b726839609", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b1523cc-dd89-515a-987f-365316509ccd", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32023740-79e1-5abf-8772-600e31676ba9", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-databinding-aegis 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:709e507f-875a-5a70-8b2f-86f361f2752e", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1578e572-ea51-516f-aea9-7d84e7f27d17", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:07ba8642-0f01-539c-b2eb-b3db77dbc8fb", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18df7c6b-3b94-5e6d-9f49-a7e50853660e", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1862506-a02f-5360-8054-6969e29b5544", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f6d9774-1bd3-577b-9983-b7b132863b77", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5346845a-b4ca-51e8-82d2-45675ab101d5", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a57d28db-e0fd-5693-9729-10d499c5b1cf", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a4b4ffb-cbdc-56c5-8d44-6ca463c3299a", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-databinding-aegis 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fe3b0ef-642e-5e4e-965e-e15bc59001f1", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acd321af-4944-529f-a608-219c972fe3dc", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64364c2c-f709-54da-bf00-b76129a15cd7", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e12736e6-04fd-5405-9cb6-746f0cbc788b", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-databinding-aegis 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f26de9c-7d18-58ea-b9eb-0932adea6657", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab45d6e8-978c-503b-b61f-db1e5d78446a", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:676bf1a1-8725-5552-833e-91b7b23c09c6", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4271a35-222e-5e4f-b1e6-992482c821dc", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.2" } ] }