{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0652b670-3deb-527a-96ef-dc84cf3de3c5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-features", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:dd30681f-3263-55e2-82d9-d8b2725a738e", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:74fb01c4-567a-5de4-9db3-ff314151ee4d", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9cc848f7-feb0-53a7-93e4-e0729b1180bc", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:589f8c46-77b2-55ec-949e-4893fdab2f8e", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1503695a-3ed3-531b-b8c6-25aedd3fb2c6", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b9c67aa-a95b-5d21-9a8a-2ea61d520e36", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb8aade2-7122-5bd1-ae97-43007d4eed72", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b787f500-455e-5c77-8cfc-f499202d98e9", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1865af99-4eac-511f-9754-e440d8e845de", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bb9650a-c0ae-52aa-ab7b-f9095f48d4b7", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9f7cd17-e03a-58b3-bb63-99c0d6da6812", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:43515fab-698e-544a-bec1-45aef2ca7f1a", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa4ecce4-d940-5040-939a-0a4a374cf592", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b9e7f01-8e68-5d54-96c0-e7b4ed145d96", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f15c96ed-bc22-581e-bbd9-c22b9e86d0ae", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3037332c-5fb1-57e1-a9a1-0d47762e6153", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ca75d11-a2f1-5301-a036-012ebbb90718", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-features 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39b86469-b767-5106-9118-c286410fa595", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11a6e969-f61c-5487-83fd-7f41c7f5a00c", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cce10356-8d68-590a-9ce9-b6933dee014f", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:947ba24c-ad5b-56d1-9955-0747341b446b", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36ca41b7-03e6-5896-b9dd-ca42c80eec2d", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92f37c46-f524-5313-857c-dc1c8a27de42", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ce0119e-6c6c-5561-95af-a906361ffaff", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91863da5-2006-55bf-bbc7-54f6755d0912", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:889d820e-b1d4-5b3c-928e-1718e8ec3f5d", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-features 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0a61181-93f2-5c9e-b233-920fca4660f4", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75cc81a8-f4e6-58dc-a107-a8dad808a619", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c929a66-538d-5986-b4dc-dd3f12f16e5d", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8d918eb-07cd-5c65-8362-bff0e347ae5a", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-features 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c058bc71-d2a7-52b9-9368-db012c7245e2", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8ac2b68-0a3c-5e1e-bd30-ed9fd780aabb", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f3ef232-e843-5522-87de-e14b788ecaaa", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13659797-406d-5fed-9382-e53ecb948088", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-features." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-features@3.5.9-tuxcare.2" } ] }