{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2f0f20fd-5729-534d-889b-efc92621e204", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security-jose", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4e72bc69-1037-5880-a947-bb6c77e17832", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2a98fd66-44f6-5bb7-822c-e75b5a6055da", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b768d24c-d8de-52b8-8477-125f40b68b57", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b61dbe18-90e0-54f3-9ba3-a13938e9a881", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8650d7a4-a202-5de8-b741-d6ceaacbc5ae", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:844d4115-92ce-5dba-835a-ee7427b7b072", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:559d2649-eb0e-58ab-ba22-7f5e88654d75", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1736e211-4b1b-533a-9b39-f552e61b4905", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:23f7c8d6-b412-565c-b557-ff8f912cf05e", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:af3ec6b6-ba43-5c96-b138-bbcb88bafb0a", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e8090d5-297e-528c-b32d-2c985e43208c", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9c426afe-bbe3-564f-af16-0bc310e52525", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bfebdfaa-cd52-578b-91fa-74696406a9a4", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:46ebecaf-f2c7-56b7-bcb7-2da9d2be7067", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:50f483ae-6b06-52c5-a58e-7946e43e93ab", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f6c9223f-2a70-50d1-9e72-332a0bf08d8d", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:08012d01-f2ca-5032-8330-87433d93e37d", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69f23404-0381-5171-9ba7-9403220a3a9a", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3bbdc711-d1b3-59b0-8117-53b29c409c7c", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:95d8c1f2-d539-5a0e-9fb8-c624ebba1746", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f922790-4f53-52f4-b573-2e1fd8dfe415", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6fd0f7f6-b521-522f-8d91-59cc335288dd", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02a04fbc-c33e-5a1b-aa37-50bd456b39dc", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9369118f-da3c-5e12-9d1a-ad779bd19ef2", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61ca3246-9f09-5171-898d-165ce8bfca9b", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2db3a775-2dbc-5327-b779-93d3b70a280a", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:66786158-5e92-5054-83fc-c22c9e07b8d3", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d6d3cbdf-666f-5a40-a04d-845c3e5aae1e", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:64a39df3-d7ca-5003-a579-7510adae9bf4", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97e6f661-6ada-534a-94cc-32bb66c7fac3", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2a7a8f6a-230c-5301-a1ac-d58411362ab2", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:60e1b976-56db-5c92-b271-7aff61ff51c5", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a2d03f77-76d2-554e-a7bf-16a00c81b7cd", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c5deb879-e2c3-50d1-a9ad-62dd9c793750", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9-tuxcare.4" } ] }