{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e8b3d15a-04b5-500e-aa34-67b556168eea", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security-oauth-parent", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0dc85e41-4c8f-54ce-adea-e3f34c6b34e9", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fc100f46-9a1e-5aa2-b85f-f56a16eee8f2", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d88c8736-2177-5686-a019-40d3b3b19a27", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6975e8f9-7989-5d68-ab30-731227e43eef", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78baa899-fbd7-5023-9d2c-9cf5cc6707c0", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:382cdde3-8f08-527b-b2a6-f006480561ea", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:724d02e8-fa40-58bf-840b-9864d6284182", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d73195c-ec4f-5d3a-b150-82aaf94ada97", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7fc09aa5-e480-531b-8c73-0643a8471983", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cdf05a70-ffef-5c28-bfbd-dce35e1e5595", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:87b0f736-9772-5469-9e97-21d1edc496e2", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f4255d9e-68e6-59ef-9517-ec3fcf282d51", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd13b307-9d6f-5dce-9093-6a022e83b5f2", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f8cb533a-a6df-5c6c-9be0-3c8b2751ebf1", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:120166e1-6918-515c-8bd3-78c3f12c5962", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e3198605-d539-5472-bbf5-6b5d20ba4c86", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:effc6dd8-dfb0-583c-a3b1-4c6b771ce385", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-security-oauth-parent 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:09dd7f86-3493-5000-b11d-ea544806ab77", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a13648c-62e1-5bf3-87a7-d794dc53914c", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f212f88-8c21-5d39-b26b-e1c73c7d9500", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1e52862-a547-5609-80af-31f7cb7aa24f", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1119b385-e26d-5311-a036-8df82752eef9", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a684070f-95fb-521f-a4cf-103db1e3683c", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8f72d18f-20f7-589a-bc48-ac393c988da0", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de12ff72-f079-5075-b23c-db0b48c86678", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e515bafd-8986-58d9-88a3-0d65d694a00b", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security-oauth-parent 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7cbd7080-a2a3-5925-89ee-d000142dab55", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9ff4b8c3-fe17-5e14-a2ab-56270a7f63c6", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7925eeea-7d9e-5290-8535-c9cbb4ba7324", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a82a0dc0-58a8-5694-a76b-ec5f8293b7a6", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security-oauth-parent 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e9169f8d-5ca5-5779-a651-bc1b234fcfc2", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df26adf4-a4ef-5734-9506-4dade718ec37", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:57fabc0f-80f3-5f99-8a1a-d715e21368eb", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:429ec73c-db40-5d70-8005-24c5eff4d5a2", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-oauth-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth-parent@3.5.9-tuxcare.4" } ] }