{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:da605b4e-ce10-5f84-a4d1-40a9e2157fb3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d8760d72-a6ea-5d72-b5fa-05bae3c03941", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40e03214-7d11-5e36-b7ae-79dce58c2120", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a26aefd-b25f-50fe-a968-56f279c443c7", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:21e206cb-1101-5707-86f0-c5f19776028b", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6cfab572-af2e-5844-bc76-1b3550be6223", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa46222a-b18d-52c7-a270-318b497746cf", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3fbfc7ad-29e1-5f94-ae1d-635a2decfacf", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:21238ec9-234b-58ed-a75d-b2604ea8d2f3", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d1b3d81-75bc-56e7-926e-5cf07cd7cb8c", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53651e71-0f2a-5e31-bc48-0597472db568", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76983789-28de-5cd2-b80d-dc9291fae4e5", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c9c94de-be2d-52e9-a517-d5471b457458", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4cf4e30c-e41c-52e1-bae7-cce11c3ebd61", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c50e0896-2d93-54b1-b12c-818ec51d2cd3", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa8a7988-e9bd-51a3-b642-7b0ea9227ce7", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af53c572-3662-5842-9f64-93be81134a22", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a5304502-b804-5f47-b1a0-189be4a8b34d", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-security 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9995f7cd-cea2-5a93-adba-2f0a88410921", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:724123c9-b569-5764-aff3-3ef791896d26", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:008f1644-52cd-5266-91a0-11dc4860e35c", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e13bb5ab-3cc6-5748-9f0a-48026e66251b", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:98f9decd-da25-5616-a3fc-d97d7cfd8d1c", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:757a798d-5198-5bf7-a826-eba1d662bfde", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8deb105f-3228-59b6-801e-21ba00f0e299", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:259e5047-780e-57f4-9c86-5f37e6639234", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51af1049-f8bc-50fb-81ef-81455c5f3ab4", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:323b2755-646e-55cf-9476-c80b089dde18", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:faff79f8-09ee-5ddf-8e88-8cdb23fc56d0", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a3556bc9-4269-588a-acaa-48d6f7269c39", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd85b220-1126-59c9-91ac-1c90e3841077", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5fac5ee0-fa40-51b5-8a0a-cec28be2b7e1", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a719381-cefc-5074-92f4-ba06df06509f", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3944a782-2090-5d58-a8a8-2fefafc99da9", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43b765c9-31a4-510b-a578-1da0d6832dc5", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9-tuxcare.3" } ] }