{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5e031c63-dbd9-5ed9-b8e6-f82c959419a6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security-xml", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6d3138bc-b77a-50db-b75b-cd44fe272a14", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec9f1b29-3649-578e-bb2e-54cf6d805360", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b39a4151-bebf-5575-bafa-c3c3f907922d", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cec5f4e-350c-50f6-8020-0d869af59d54", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8dbe614-4b93-5bf4-b91e-5db1dee35e9c", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7889fdd-0c62-5ba6-b8ce-efdc8f7b02e5", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c23ea3e3-7128-526c-a987-f98033280a64", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec72b3e9-864f-5b34-83cf-c36859d73e31", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29c39f1e-ac23-5684-91e3-b80a45bdf3d1", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8fe7ce91-3098-5b72-834f-245b00dabc0a", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7da530bb-7b5e-52ec-92af-02a9c732f40c", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dbd4d16d-2e1c-5f13-90d8-20c30e28f1b2", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a127b96-816d-5a67-956a-fd4f00292139", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2fac603f-9607-56a0-8f31-834d7ac93214", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:253bc5df-a000-56f7-968c-f54134268da1", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76189d5b-929d-5328-af04-de90556d2716", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c8417ef-2c96-5f42-a3ed-6bb71a7a8fab", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-security-xml 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e5436eb-dd31-5dbe-9c7b-1a7651931ff2", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:826657b4-7eb1-5400-ac17-de0421145977", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab4c7152-b536-5409-b08f-23c71eb42a2d", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a13f272-3530-52ad-bd84-4670a6d0bfcf", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02dc0d77-7c37-5865-bb74-8240f0354742", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b844a1e-d02d-5483-9a54-d8a58d37cfee", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d1ec596-0440-5626-bec2-7d01457f5991", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77a3c1d5-947f-5674-9987-218fdd86e5c4", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:098fd79d-35f1-5907-8b2d-6bc37ccbb469", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security-xml 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e91438d9-50ae-5e7f-a908-ca2253e41b0f", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca254a16-141f-5dfb-9541-7d049ca14e40", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1931a241-43ed-5754-92d1-80ac56c9e243", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4dbd0925-808f-539c-a9e4-33da57cf59b1", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security-xml 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d0311b1-814b-57d2-8b54-399bcde817de", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:96079d38-1577-522f-b003-49e56dbe01ec", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0b294a3-0768-5c66-baa4-ca6b87b4a833", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0149a397-b155-5b7e-a044-ac8958029e64", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-xml." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@3.5.9-tuxcare.2" } ] }