{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5261fb30-4d73-5444-b7dc-c3f05cae1ca2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security-oauth2-saml", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:778d9a7e-49b7-5cd7-a9a4-444b0d05085e", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:887f509b-73ed-5f29-b1b7-20795449f91c", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a321097b-9ef7-534e-b92b-bc2215bfaa09", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da5faad8-2063-54c8-98bc-5859bf287726", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2687031-28ba-5948-84fd-63f1afc805ab", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23c71b05-49fd-52b9-9cca-f76fc4a8d4d8", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57c417e6-e980-5f79-ab83-6b81481e89dc", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91e5d7df-6c66-5dd8-837d-530355519733", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ee31878-b350-5670-8f2a-230ce856ca9c", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c692f544-38aa-5de9-b9b6-e3574092161c", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b952384-d15c-5ea8-81e5-865a442404c2", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6208ecb-ce96-5c4d-96f4-549d54208429", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cef3483b-57a6-5598-be9d-48c783ef7156", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d871d09-ab18-5925-9098-b16f731926cd", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f304b343-42ae-54a3-8fa7-760b28e3ebd1", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16fb2681-20f9-5ad1-958f-30e94abdde68", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f92ed9d6-78c1-557d-9cfc-2decb4c2017f", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-security-oauth2-saml 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9240d1a8-1695-58c7-b5aa-4c7a4a7fb505", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70beaaf2-69d1-5e79-92ea-18b1236b630b", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c77ce0b-6207-586c-bd59-c8bd7a5eb6e4", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a843dd38-2bbe-52ee-af23-447f6e4075b6", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2b30484-8809-5f69-becd-488c6f33ce8c", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1727c9e-25c7-5090-a5a1-17ed40c02a23", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83deb99a-629c-58c5-a99e-cea1a65329f4", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc72a167-c38f-5dd7-bfec-d6a5001b29f3", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58279537-5354-5f88-8921-8d69715d439e", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security-oauth2-saml 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a2d7bac-d3dc-5288-b683-95a62314d5ee", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:319fe079-f7e1-5706-916a-fdc0810fe12b", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:68540a37-70d3-5c91-806f-10a76ca58636", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e56135b3-36b1-5fef-a7b0-205c572e7a07", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security-oauth2-saml 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ded4b6d6-47e8-5beb-8df3-f00037a44463", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:404cf62f-8982-53a8-9a92-ca8472cacf84", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:289eb134-a277-5fa6-b0a4-262714b806b2", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2bcd0d4-b699-5032-aa81-6b4963c74d33", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.2" } ] }