{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:757ac1fb-0f1d-5795-ac1f-52b4209bcb0a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-databinding-jaxb", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8ac880ef-b2e5-568f-bc77-5dc40d4515a7", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f6592f5-9d31-5c77-9804-05ab17b6b4cf", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71b9c88e-e473-5cad-81f8-415db070bb71", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4615ed22-4609-517c-a453-00554dfcb4c4", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3d9a0d6-5314-5b04-a022-a560a550ff54", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a32ab16e-cc02-58f0-858d-7afe9ab9fac9", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:869a32af-698b-501e-8dcb-600ecf86d7f8", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e69b8a4-ce34-5a11-9d26-b6ec8e2b25e7", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e17490ae-1bf8-588c-8774-1f69b33ce859", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1df53a25-1ec5-539a-a3d3-e9f2a0c6ebd5", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9bd90539-dc73-5fd3-b6b4-fa5f5d3eec86", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4fefb83-edd8-55b4-9336-906832ee3bbb", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7587faf4-4c39-5a05-88c9-5d242470c843", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eee2a683-c005-50ab-848d-2a7382065d2d", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c64e508-3367-5f2f-b223-69c35f3b8209", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f71170d0-8e51-5230-99a7-d1386630f7b8", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84f6f7bf-f44e-584f-89a6-e2e577d5bf50", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-databinding-jaxb 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff2684f0-a455-55d8-b2cd-ab9e6df5196d", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54197198-d48e-536b-b934-de556093ab45", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3568a6af-13ff-5739-9157-c469487bae02", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cb0d66c-dff4-5e74-ae01-7accd42cd559", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c72ce2de-d88f-54d7-a4e6-a540a2a38b9d", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b353ea4b-9d4f-5775-a8d1-46237db086dd", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a188bfb-22d8-5854-ba8c-9d9434fc175f", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c4bb8ff-1a7a-5de8-86b2-1c9313f4abba", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:347955bf-e554-5995-95bf-57cc711c624a", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-databinding-jaxb 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f939733-cc91-5ad3-8f51-af822156aa12", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c923bc2d-6a8f-5490-b1c2-1f4081b1b56b", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92ca509b-2d73-5662-96cc-494251294230", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b438cf77-de6a-5d10-a7be-035ee6e7c4df", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-databinding-jaxb 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45548c93-3229-5279-8ce7-b4641f7971a4", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bca3ecf9-68bc-5377-8e41-814a9187941c", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff106dcf-4140-5f93-9e2e-93cfe84e3343", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e5d04c6-93ed-5e41-ae2a-a332607cd469", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-databinding-jaxb." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.9-tuxcare.2" } ] }