{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:672d3bdb-abf8-555c-aff4-d3645fdb4904", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-databinding-aegis", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b4c59690-8d9b-5cfd-8d70-c0f15526fc1c", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c226d98c-0830-5234-b32f-b198d9c5a889", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cf723c5f-c48d-568a-b208-48a3f577b78d", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:249cf3bc-f18b-5855-977a-a782e3ed73d7", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b94659e4-45c6-5da4-a4cf-aaaf09349357", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4216ff63-856d-5333-a515-b7b63dcbb886", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c930244-57ca-549b-92f0-b90ed52e3521", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af7db9d1-258a-595b-a56b-ed4417b1b179", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:61e73eea-c99d-57a1-b62f-804fefea75f3", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f25c1c0e-1f79-57b5-93ba-43a841f07cf2", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:603de531-0ce2-5dd2-a7fa-0002e84b5aa8", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a4f1fba1-a17f-58da-923f-96f3573b8cef", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:147845bf-d578-585f-bd00-38e4e5379f46", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80077750-5480-5b4e-9977-c21082970b0a", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f88f73f-8f72-5232-a327-b44bbd5f7a6d", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51c715b2-58cf-584f-98d4-c7d6e272893c", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a2b8bea0-bbc1-554c-b930-3a2cf212dc62", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-databinding-aegis 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e4fea0df-8212-57c0-bb18-4a2b3382f74f", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8cfa604d-b1eb-5ad1-9797-2870abaedc4c", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:54ebd0fa-2b2f-59a4-a475-ed3b013cc3f7", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18efbe8e-4606-5eb8-ab03-7d1b452e0006", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0e2bfc4b-ee5b-5ba5-af4a-1859788ada34", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d2cb70a1-f494-59bb-85d5-ef2a4ad24ff7", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b0f04c36-4569-52e0-98e8-731bfc402c97", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9d2324c8-ca28-5b76-91e6-f0ef890e283c", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c8a67618-d052-5a59-b7be-b7938335b1c0", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-databinding-aegis 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d46f8ee-d7f1-5e7b-8b10-cd1600215331", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4ed88287-e49b-54b1-b94d-a15a5c80ab83", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e501ce0-ada7-515e-ba7a-2fd200865081", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d01f7839-ef92-5248-b1ef-915366a8dfd4", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-databinding-aegis 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e5cb4df2-ca52-58ff-9132-cec28fa283fd", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1563e95d-ca4d-5f6e-9f5a-cc38283eb828", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76d2bc0c-890d-51b7-ba98-460822862654", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7c110052-2773-5bee-961a-f69119c4af6f", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.3" } ] }