{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f53f1cee-ec91-534d-99ad-1a6f0667fd0f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security-jose-jaxrs", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:31379b6f-a9fb-557f-a4b8-dcba04582b2f", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8618d085-e459-5fc3-8748-2cb066354158", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b893859e-907e-54fe-af05-6fa86d655b7e", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72aa36a9-0552-577d-9fb6-be89b5329036", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e965603-aed1-536f-81bc-77fab2318c01", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ad3b71d-8272-53e4-80a4-f3113e856e90", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1bf1320-d707-51ae-b646-c883686cbfc8", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cd7e9e0-8b65-516d-a2f5-56677c70797e", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e288e371-8172-5620-be7f-ad3a37f37bc2", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a125544c-f037-5b00-b816-cd7bebc81339", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f03bc1bb-1c96-517b-9fcd-0807944736a5", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e64a2d97-e2d1-5178-81a4-508a189f2648", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6cdec030-d539-570b-83aa-551d1497146e", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4412d306-e52a-5b03-91ae-c0e9f42f4500", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b4d1a85-d59a-5587-be36-6a8d0ba4bd53", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6478e966-8495-5002-8bab-23728772cdab", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:933fa42b-c162-515d-bd94-5e0f666d26cd", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose-jaxrs 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8df7c02-ec7f-5773-850a-6c0670f3974c", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df7d0744-d0b5-5be9-8bae-374b9dc9e2f5", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f10faeb0-5a78-530b-94ac-0e74d7a0a809", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3c3377c-5f1b-5d6e-b3a4-d620ece05c40", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54ef8276-b5d0-591a-beae-cab98f9c68ed", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:410776ea-6e1b-5c67-a3c3-9fccf0b310e8", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5bf4844d-47a1-53aa-9a40-2aa2b6fe766a", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96f6666b-51a6-50b6-b06f-b268e927a231", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b905e364-77ec-57b8-9f5c-e3dc4c1457cf", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose-jaxrs 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:10178f31-f2b8-5f71-81f7-053fc6185445", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f0f99c6-c855-5a2a-81ea-29acd11d6ff4", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:997cfb5e-b4ba-5a17-955e-8b551aea13ed", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6a37804-e14d-5fe6-8c4a-d34c549a7558", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose-jaxrs 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:456c702a-ae68-52e7-b60b-f764bfb4dd1f", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:705cd8a1-9659-58c4-969e-101a629227d2", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5d032d1-63b5-5ede-8e5c-f8710df9cf3b", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:711330bc-4ae4-51db-9439-08e83504a128", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-jaxrs@3.5.9.tuxcare.1" } ] }