{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:65b92568-ce46-5d84-9f73-91a1e4205e25", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security-jose", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d04ebf6a-0188-575e-acb9-15ca92d0c7a0", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61063bb7-6b64-5d38-8fd8-42ac1fe0a4c0", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:456810b0-9013-58e6-95df-be8ce436394f", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36f7b73a-a50b-5f58-ac56-f941b797330d", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7625632-a9a7-571d-8141-a75ce5dffbef", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8cf39ed4-a376-589d-aa72-55c8ee1c5ce7", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2acb6727-b4c8-5a05-8342-d9bbccd0b676", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f483cec4-6878-5acb-88ca-eada33ca505b", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f400c478-f3b4-5aac-a3e2-138a6ea28225", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e0f1196-2598-5483-b84e-d6e2c75372b9", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1153d858-956b-53b0-9d2e-2abf3d874a28", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:943477f1-b435-5d6c-8a5f-362fab64edfd", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6836098-9c71-5833-9846-495ccf9fcaab", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cef1c4fc-91a4-57ca-bbd4-7dd3a25c25e3", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b99873a8-23a2-5b94-a6cc-e85f4dfaad09", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72616f1f-7e1a-5723-add3-0085db51eb25", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac993b31-953c-5e3e-b1c2-891820bc906a", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6117e7c1-1fd7-58a8-8982-ed5f6bcc3ac4", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f369af5-6795-55f5-a4b7-0b56dd6440d0", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:353c660a-fca5-59e4-b389-de5b9d772471", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b856caf0-4f4b-50be-af24-4dfa79ae8cf9", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23d54ed4-6b64-5af4-90ba-f5d8749b6050", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06acc0b5-4901-588c-ba6f-0cfdb86645c9", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c2785ae-887c-5803-a8b7-a934b24f7d35", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96a84b80-6067-56f1-adf5-d83e62650edd", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4cd956c8-6ffe-5bb0-aa51-5aafca7907e8", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8317472-a6d4-5c5a-b05f-6416fa9f62d9", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db8712ff-0ec9-528d-8fa0-245b4a779edd", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5c1bf5a-f36f-52f4-9ff7-2f38c78bff5f", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1b568ce-2f5e-5593-bbc1-f3eb10a19506", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security-jose 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77b020fa-d0b0-561d-b0b1-4992b817d806", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e5d11c4-7003-50dd-a5ba-eb1d683b5d1f", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed1f5a5c-4ae2-5855-a146-838e87bee5eb", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23002a44-1618-5883-8472-e6842684fd83", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security-jose." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.9.tuxcare.1" } ] }