{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c4f5bc71-065b-5d1f-9a23-98bf74876296", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-javascript", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:21d2dc57-3643-5ae5-8e8b-db7e7fa57c7e", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c2b42645-0415-53e3-b1fe-80372de7ed31", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a5d260b-d2d3-5406-ac03-60e79a460448", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d396963-d9da-592b-af19-bdfb7b25645d", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a6bb589a-999b-540e-a816-e43034910957", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ea8b491-48b2-5957-8c15-5b1d8e7569a9", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9ffa968-1931-59f7-90f0-4ead72061057", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7514b578-b801-59e5-ad59-1af65be0e4e4", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56db2908-6521-59ab-84fb-dd854cd99fc8", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2474517f-a944-566e-a9f1-9e2c2bd7bb58", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:27d3fd8e-0d10-5bdd-bae1-d7a430313ec6", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b1389b2-7c55-555a-a6c1-b2f0dceaf7e2", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e3dfd92-3642-5fd8-9304-0031a3d65ce5", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ba27014-11b1-5d54-8aaa-c7e578abdda0", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd730362-4518-5cdb-ad12-f8e32d325998", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ad688ca0-11f7-516f-bd98-dad3fdf8f650", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cdfbc8e3-3046-51f0-bd4f-3edb6da9e5a2", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-javascript 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2526aab5-af85-5db0-9400-cb5896b89433", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6d232531-f714-5300-8db4-fa827bafdaff", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6c8603d6-854c-5142-97cc-d1027433a7e1", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d45b33ed-4a6d-5ec5-979f-411cb4392132", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c727f606-e043-524d-ac7f-4822ee1982ae", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55e42824-dda7-57b0-bd6e-6a774db764fa", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:673149d5-8b17-5cae-af40-e42ea8dbfe8d", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2daec206-3a99-5e92-bead-d7ff303b2260", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5b50fd63-f0fb-5a56-88c3-f034959f0855", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-javascript 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:90f4dbee-88bf-5fb6-be9b-f0802f35ab6b", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0551aa52-2796-5d8e-be09-ea967007fd7d", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9d1b43e1-3497-5c45-8657-edb0a8bf4020", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:336c7fb9-19b6-5f08-bf21-48a26a53a9b8", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-javascript 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca13e9ec-3063-59f3-a161-152df2aff51b", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a9a5fbb-3ab7-5056-88f5-34d14dda8b11", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b8c4b1b9-f3d4-5d58-bad6-ac4910dc47ab", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:264ca3be-8ded-564c-b84e-615265141503", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-javascript@3.5.9-tuxcare.3" } ] }