{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ba742bdc-b084-51b3-b18d-ddccb35bd392", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-databinding-aegis", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0b74634e-e9d9-5179-ba5d-18522b8c3273", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f4b0ba52-a6f5-53a5-a8a5-102afd502b0b", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ed26c02e-bbe0-5653-a43d-137efcda5aa4", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fca5b3af-3198-51f0-9112-1cfd55d1346a", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dec195d8-2952-5b35-ac24-97c6ba05b1fe", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:780a46a8-a4b6-51d3-81ab-b459c7f4936c", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b98c2e5e-0d75-5be7-b2de-5e47f5ec836e", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:986857a9-80c1-5bfb-9a89-08bb614d2fb0", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:371a4284-57cd-5c87-8b3d-f2d5a7a715f1", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03259646-171b-5b67-a861-83ffe4f697a0", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:632ae0fc-4484-585f-9f14-a535af0fe1ac", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8a284f4d-414b-58a4-ba05-bb62ebe8563f", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:58da2bc2-11b9-5d7d-8954-9a362a7a5a36", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:31c23c94-e604-5b54-bd08-37032f506e3c", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a61423ca-8e7f-58ca-8bbf-fedbf7954e0b", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:81ef5abf-9645-5a75-9b73-4849ba3633c8", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7792609f-65fc-59ba-9d5a-2a82ea664e92", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-databinding-aegis 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a1f4a065-93ac-5767-bec7-12d3ba40a9da", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3f180b04-e53d-5020-bf44-ab192ffa0ff2", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5859aa05-0a1b-5847-92b3-47db89d405ca", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:514ccb8a-c5be-5869-a888-7f9a38b6d54d", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d72af007-5bb7-5cff-9dca-0cdfea7dbf64", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:88fdcf9b-7d7b-54c9-bcb1-94460766372b", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e2086555-bd51-5f34-ac9c-f163f6035976", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5a889fce-1356-5224-95c0-134fdcad7436", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:333cd081-cb72-5523-943f-d3d9117265fe", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-databinding-aegis 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6891ebad-8e68-584d-83d1-b486ed946abf", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fbda371e-a953-5481-b18e-0a60f23340d9", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a4d00d0-ec06-538e-ad56-eeaf49e22c30", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:853f86a1-6d24-5907-8846-8e820a6bb8e6", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-databinding-aegis 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a7d2dfce-1a09-5224-bac1-11172dd5b425", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:70dd5d22-d794-5ede-b1f0-b3a481913565", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fa6bcf8a-5de6-5744-866f-8f2f97bee126", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3eec8e30-71d7-5466-ae4e-7476f2f00629", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-databinding-aegis." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-aegis@3.5.9-tuxcare.4" } ] }