{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:75eab4dc-162d-56d1-8c27-a969ee719eaf", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security-oauth2-saml", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:eeb27253-9788-5d7c-9d2e-9e1f3f488708", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:436d31bc-5f38-535a-9ea8-1f95a76e8ec2", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e23a8735-0219-5a06-b0d3-9e33701edb69", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a70963d-b261-5f28-b4d1-a33b1a29a52b", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:774fdd86-4e92-5ffb-bbfc-42cfcfcfff8b", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53935064-0c3b-5d66-9545-fc9d48b495a7", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f327f85-8ed2-5d60-a209-7319717c79bc", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae9587c4-460b-5da7-9ba4-545db2ef7d7c", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e1aeb849-3047-5a37-8b24-2b8c39e7b9b4", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f2140578-2c6b-5bee-8b5b-eb3034ddadf8", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e53abd3-ffff-50cb-a842-17aae2e1d020", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f23ec790-583f-520b-969e-7031abf6739b", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8317dbdb-af7c-589c-959d-d2471b7a3fc2", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f0feacf-ade6-583c-aa9a-db9ad207be32", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a4fdb898-f1c4-56ba-b1b0-171da32dcdae", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79e69b57-c04b-51cd-a97e-47b2d0eaa208", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3558d7df-cab4-5b33-8b60-b472212f1e95", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-security-oauth2-saml 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ba954fe-4c79-52b4-a273-80b6fee40da6", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:470d1fed-0df1-5237-8a97-b372bacfc3b5", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ef72ae9-3bfd-52ba-9d91-0e273d683a83", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c799518-1091-59c9-ab98-daddcfd6b210", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a931a1b8-95ec-53ca-8b42-4cb06b551ac6", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b3a3e10d-a984-5c8a-8374-bca5192f8809", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b14931d8-b0c9-52b7-9f47-a38d9e918531", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ca5b948-1fd8-54eb-96f0-c8a1064ba0b0", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:46f0ef3f-ea1a-5105-a50f-3ceefec1b9f3", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security-oauth2-saml 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76f87627-e545-5464-af3a-1f2e71d0b761", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6b01d676-5ab0-5cf3-b909-0da3a287d83d", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:216cc4ff-2ca1-5352-acfb-93b894cd1f10", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04b7c95e-7baa-596a-8600-93f65ef892e6", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security-oauth2-saml 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:389db944-383b-55df-958a-69fdc3c16164", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3971ee2e-de36-5a9b-8681-9374e1e11ddd", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c647ad05-fbea-53db-9fc6-9cf6ccc73858", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b81e4135-df29-5e4e-8d68-5fbf1651f8ca", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security-oauth2-saml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-oauth2-saml@3.5.9-tuxcare.3" } ] }