{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:892aa958-4a24-5600-ac6c-a2918e75ce0c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-extension-reactor", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:63e1dfdb-41a8-5e7b-b083-d94129b4c61b", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce55d90d-a8b4-515f-9e69-05b3fa2d8273", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf2fe9ee-e58d-5e5c-81e1-86731d36e2ad", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6eea313e-3a3b-5f81-a130-a984fe194ec2", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb8cde04-b8e6-56f0-9e28-063e60b745d0", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28f6db23-4d1f-59ce-aaf6-9b0e07e85d64", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28cd36b6-8eb5-523e-99d5-772b6414d95c", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5bdf45c2-bcc4-591e-a10a-da7c7f2f74dc", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78739cbc-56ff-5d1d-b372-def36982a8b1", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f45418cd-c33c-5764-a490-e258ef936639", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28964df9-8983-5275-b8fe-13a9210d766b", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bea2d5ef-8e7d-5adf-8565-c835327f9859", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85c7355d-3946-5f5b-9b35-7ae53e785c83", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f9e5c9e-36cc-5f9d-a597-110e0296ab7f", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:30ac9963-c010-5728-aa1b-5f4962b6d0b5", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:532173e9-a3c3-5ce4-bc01-33d597bf90c0", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7eeecae9-3705-5356-9f39-9cd93247a757", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-extension-reactor 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3efe3bda-191c-5d38-8e1f-853708e4d0a1", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40862bbb-db46-5537-ae0c-2ed1de4cd4e4", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d42e94ee-6f89-5c01-9dfa-60cb3421ae62", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c22d9670-1d8f-5a1e-a0a8-7fba001caa05", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76209c07-00a7-582f-81cc-f067f13a6a9a", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8fb3ce48-820f-5332-b89c-62b034062f00", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f565dd5d-e4f3-5ee1-bc53-77d6c97b702b", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:909019a1-308c-5a1e-aaa2-0ed7d3f2abdd", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:367177cc-8c5a-5349-bd8d-bd3cd1081e2a", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-extension-reactor 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cbde3502-b4aa-57b5-a93c-77cd107a2f80", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57e07689-aeec-5f7c-b491-6900f4be2b00", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eef952df-15d8-529c-8157-662c77679f2c", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e86f704-94b9-5b89-978f-5a3ba27f1d87", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-extension-reactor 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:120acd01-9e85-5890-aec3-a21c916dad7d", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c8c7896-5d14-556f-972c-9bf6fa721f77", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d483dc2-bdd1-5c96-b18b-e51f26c9145d", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae47884e-7ffa-5b4f-8ab6-1cd1ba623617", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-extension-reactor." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-extension-reactor@3.5.9.tuxcare.1" } ] }