{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f5744c4f-d829-50ef-8b13-ff3f0228cbb4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:eb914bdf-90bb-58ce-907f-0bcb6534c2c0", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4990411e-605d-5273-9986-abd3ce792828", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8d9d791-0dfe-50f4-a467-b7b08962124c", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06d8e684-6aec-5747-b565-2ab3c8c3864f", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e31d326f-61da-56c1-8c50-0cd79b921cbf", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb813477-b5f4-5a8c-a707-f3bd6b795fab", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26ddf918-13d7-5543-a26e-b8e57f17ef05", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0528c9ab-aedb-5796-8835-9267f3e2dc09", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86fef89e-df13-5506-8e82-f49742949e93", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bb96916-b2a3-5548-aaad-12a8a0767698", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90542a4c-658a-57c4-a586-8a71741f8c10", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b632163-2e84-5bab-9f4e-71d1263ef710", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f705acc3-cb09-5563-82c0-9bb3761eb99f", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37dd7734-3962-5ddd-9e13-b7b6553c748b", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8de5f74f-932b-5eb2-abb9-3f52a8769850", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b76da15-e421-56d3-a07c-6033c8050708", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0569775-48e8-5124-9590-34217ea4296f", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-security 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9039e42b-73a5-5448-b8d4-f86b5e0a820a", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6bfeb53-5544-5d58-bff6-7dce1afd679c", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5cb7cfc2-8aac-58b7-ab32-e4dd12cf7772", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6604b74e-359d-52d3-a273-26be1e6a8db1", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4556b04c-b067-5f3b-bdb9-ca478dcb6435", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7baeaa1-1a49-5179-8e86-b44d3faf696f", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0279cfca-f9db-522b-ab2b-49e3b9917189", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:087fd110-4fcd-53db-b2e1-087de2e50f0e", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73d80f76-728e-54af-8bac-b5badacb2bb9", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:416875d3-3769-53a4-8014-ee7a24d6361a", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0496dda0-60d4-5256-958a-ee2c602f9c6a", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0b35dca-718f-5073-bffa-9a4dd16ad614", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:324ef48b-e415-50be-82e4-e9e212cf00b2", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a419da43-8a57-5a66-a4e7-1b57c70a4991", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bedb7e2e-339e-5881-9d64-ea2216012300", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef97f097-d1a4-5054-97f7-b126a7fd4846", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1412cf5e-e715-5913-80bc-70ea02800604", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security@3.5.9.tuxcare.1" } ] }