{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:828f03e0-de7c-559d-a0a6-389641c63e91", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-databinding", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1a0ac43c-3766-5c43-a8bb-1ca8c85ecffb", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e1cf0cca-9dcf-5688-9a32-9d0a5fdcdd47", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b358f080-7e2f-5d9e-8ea8-9d5757a74e08", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:71935839-42d5-51a1-a145-d2ac4cc20f27", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c4a0e093-24e1-5c23-8d8d-dba136b47a7e", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:26c723d6-6cda-5087-88f5-069764b78568", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5b6a03d2-2bc0-593d-becc-5a5940c78a9b", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1e511d9a-7934-581e-97e5-73eaf4d3c04c", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4c762973-0c32-5768-86bd-c9928ac66645", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:963b5959-b470-5670-a185-060d93c2befb", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f342216-0513-598d-ad74-cbe023ba6345", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5557cc57-d95d-55eb-a7af-2c7821da9cc1", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2991c8c8-22d2-54c3-8776-6190a10aad36", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:296d8fd3-fb5d-548f-a863-5f55cc376e8a", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fec5d50c-15f1-55d1-adec-4a5d2a55eced", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:60dc1de9-61b0-5c09-bfac-e6e7337d3105", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc12f0fb-6bd3-5894-9795-19cef57a6f75", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-databinding 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:339534aa-e047-53ca-a104-7c4c532070c9", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5ded33e-416a-5e29-9b0a-5e61ba8e037d", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b83d560b-f3c1-547a-8821-7d326cbfa9bf", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d53ef3a3-4013-54bb-a059-3c05c578ff16", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:377200ed-63ab-559c-aaca-d9c5c49c7577", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:257cf1c6-05e9-5ce9-b112-b68fe5ceea77", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:790f6caa-2fa9-5072-93a9-9185058da5b8", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb08dee0-5cf7-55cd-9ec3-2aee557a6f6e", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9fb7969-f640-569d-9c9e-fdad1a22731c", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-databinding 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:594d9e3f-e4d6-5e7f-aaf4-84fd299b3375", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b774133e-2399-54f4-b74a-0c63f8fb7229", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a91c27ee-e3d3-55a7-b6d3-76b7f079687e", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d4148b6-c61b-5182-8141-3c91f22a7463", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-databinding 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c4ba0313-b82c-5501-a89a-1ebb0849997c", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4013b6b4-0e87-59c4-96ec-66e4ab6c6da9", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c4ec06c-5c24-5f8c-8595-1fc96adc8bce", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd19db68-8f2b-54ee-b702-cbd1965be0ba", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-databinding." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-databinding@3.5.9-tuxcare.3" } ] }