{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2086caa9-f291-54ce-bdae-d429531d6619", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security-jose-jaxrs", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:88a80102-eb21-5341-bd13-24b2c43e9e5a", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25463195-56c4-5cbc-9916-c4f3358d24dc", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a95a1477-1d0d-57b4-b123-2514c82175d3", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c2bbdbb-dc33-5321-9abc-a9105770d81b", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f06de3c1-92bc-510d-9f28-43c48d5bea76", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e82d8f59-b48e-5f71-ac47-229891da332a", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1340a06-1b9e-5182-8951-0596ac7175c1", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21d2f2c5-05e1-551f-9fc4-1214978f4620", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:345a1e1b-50b8-58ce-815a-8bd7ed6cdb07", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3da0dbb-57b5-5f58-9e22-0ec013c7bd7c", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c428ff8-a340-5e25-95ba-3bfd23a3050b", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd670a33-3c58-5d05-a2c9-d5a742f37abb", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09b8a508-d3e7-52a8-afcd-69446571dcfa", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8a471c4-901f-5b62-bc81-e3bc476da524", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:603fe968-1248-5f28-a14c-81eb17ed26e1", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66bc3649-8288-58dd-8052-e9e1fbeaa562", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1f029d5-b27c-519d-bc29-9101c8293542", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose-jaxrs 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d20a7b6f-b99c-57dd-98e1-1fe29eb7e9f2", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ec0ee04-a89e-5193-b765-7a1db6547d77", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44d567a8-0ca6-5867-9656-bc56888a5685", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb14118f-9f25-50e5-97ad-236c0ad9e148", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef519347-856d-58b7-96a1-98cbc228c2e9", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85fe7ddf-e3cc-5d04-85d3-1c2587186d9c", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dff94e25-e8de-5674-b002-0489c65870b5", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fa7d04b-d479-51d3-b7fd-d45555d8b54d", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:68334fc1-0be1-55e6-b226-5694ce4132a7", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose-jaxrs 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a35355d7-6b5d-5566-864e-a2c2b7b6dbab", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:663dec63-39d6-5b1e-a27b-acc4e4d6df3c", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d27d477-6bab-5b70-a6c3-c31819ba9011", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f59ad02-41ba-5912-980a-20a402637d2e", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose-jaxrs 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8b59a07-ed7a-53f4-9a90-b7b166ce5dc3", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf9943c4-fa97-57bb-8b44-53843d692e77", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16cd43f3-a112-505e-9c6c-6772715dc312", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a70cc3d-8110-5e96-a280-bad4002190c3", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9-tuxcare.2" } ] }