{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c83774e4-dc48-5735-b626-143652b6003b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security-jose-parent", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:20cfcab1-02d5-5d0b-b37b-d4236ebf5275", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c98af5c-2d04-5e02-b5a1-e5c8508feafb", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58e03c23-eb31-5fd8-a9d6-555ee3a1c886", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93d8b048-b747-5053-9e90-41d83cd07aac", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f915c2fa-dcc3-5d82-a399-2b92895e4611", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dbb017b1-1a9b-5e8c-874c-2d8143eefa60", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3defbce-216f-5990-bd48-2dd10d44758b", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86a3900d-19e0-5414-8030-329edf627d92", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e267f5c5-556b-5b9d-8a15-17475de8f083", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52835bcb-c798-52be-870b-76cd537c9d35", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6fee4365-d295-5417-8ad9-9e0300e2d8fc", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eac09f61-7d15-5861-b074-22cbccc47a7e", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fcf557c4-e37a-51a2-bb90-d077f90ae73c", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24f26f9a-190b-5906-b98e-a60f6cf4a320", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df602751-1627-5daa-b2c4-bfab318a9dac", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:011639e3-fe3c-5873-8b41-73de5c272e03", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:571c835c-5ea6-538a-8336-3ee76d25e9a5", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose-parent 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9c90863-cfc4-5793-aa43-45930ff7674f", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:33b25ced-4f48-5900-aea5-91f14a014695", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdb3bcc5-955b-58af-bd95-dc216d32f0a8", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72df4697-56f7-5e1e-9926-4ba075d286f3", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3a32964e-d7b3-5ada-97ab-1fcde6e4f050", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53f4524d-b0be-57b9-94eb-7c62eae06f8d", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a51798d-d77c-536f-8cf6-d1b11679ba4f", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:931a8f12-09b5-5454-a65d-79cb6a93a9f4", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0dfe851-26be-54b1-a2cf-1da679030235", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose-parent 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27f67c82-b47c-58d7-89e0-ff5a1e989788", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18c731ff-aae4-56c4-b31f-09b7b9be21fc", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6aa4b3b0-d2ce-5bc6-8334-db5046d8962e", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d43653c-9775-5b81-965a-bcb23ca802ee", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose-parent 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9126b862-f1fa-5db3-ab00-63e0b5aa8d8d", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:393d24c9-12fb-5263-9492-9c8e6ebad5d5", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e81d0cce-f0b3-5e75-a3d9-541c4abfe81b", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aed1b17b-7d9d-56b7-8f90-ac3c4be20df5", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-jose-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose-parent@3.5.9-tuxcare.2" } ] }