{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4e169901-4dba-5ff8-8890-a9bb7c314652", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1e850327-3064-51d4-bd10-0209c72d51f9", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe9a10fe-d0c7-5390-b61d-cff31dddc9f9", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85aee71c-d407-55f9-8a90-19b6ab036b46", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a239e7fb-0879-5c58-948e-9afa775aa8f7", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a44b93d0-db2f-57ea-b22a-85fdc747cb2f", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e013fef3-4858-50ee-8bb9-8947f0d58b0d", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11706388-ef61-55e5-8fd3-b1d4b0e6f04e", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10d192e4-faf1-5405-a4cb-628af14233dd", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b3de5b3-ed96-5c18-b9f5-b80cb39b85b8", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c674c177-9f03-5bfe-9f03-0b10e3596212", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c47462d2-b8cc-505b-97a6-b5f8f4ef5e1a", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff401cfd-fbd3-5bb1-b534-5784da261ae6", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c37bdbfa-0bd1-5547-984d-adb807ae9c58", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82dcb0b3-a774-57e1-a074-0d86074a09c4", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01377613-abf6-52fa-96a7-dda4b8dc66cd", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5b323b6-41af-58c8-a57b-650481b4a644", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2efa3f3e-abc4-54fd-9784-1320484c08b6", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-security 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff791879-1db2-532e-a23a-f08cb13b1143", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83ee20a0-e55a-54d4-892d-845b39850cc9", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be93fbec-055e-5521-bfa6-4f0a83582a92", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:05a87db0-8122-58e7-88c5-7f19aead5979", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ec99556-6b5b-5eee-864d-d8c22e858dc5", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:252a9a14-3939-542b-b715-c4c95fb44f20", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93857a07-a3de-508b-b50e-7b69abc58f09", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ebdf25e-d553-546b-b2f7-fafc3e42d9c6", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db9f3a0e-781c-521a-ae32-f0e4bd42a6ae", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb63f128-88ee-5b51-a3e6-675aaa633b3b", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9b7db02-8d6a-5f1d-8bc2-0d8ee2a8ac15", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86b4bda9-ca84-5da7-9e06-31f1f7de4186", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09c29329-64e4-5e48-aa79-7d477c197679", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a2e193b-bd85-5071-9d4f-400dc18c9715", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75f5e2bb-e57e-5f7c-be64-7c6a5b6d1242", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e07c5f3-31d5-50ff-aa5e-83955983e3f4", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3907a76a-7d48-55f5-bbd4-78dd82756bf8", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.2" } ] }