{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c89d39de-2c94-59a9-87d3-e46aa1c3ef32", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-service-description-microprofile-openapi", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:acdb72f3-803e-50b0-a9cb-1875e383a5fc", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:730a1334-7fa6-5b86-bbe6-dbe081b1e341", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7bc6dbb0-a230-5705-901a-bdd907e71759", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2905889-2f39-56d4-8273-6fc19c33141b", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5f3a92f-c1db-5109-9c0b-7809af8bb147", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27670d2f-7906-5ebb-ab67-932fb2ec3af3", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4918791-c63b-5924-be9a-f7188915a1ce", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d82c915-88ca-5843-bea1-c900f81e92fe", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d3dde39-70ed-594e-bfc3-06500d04420c", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea33a3ae-8352-5c23-9d05-9e790dfab246", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4ba6d02-c43f-5e52-acc8-cafdbce66c79", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52d722c2-6b54-5135-8f2e-2416f62867ed", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67a835d8-727b-5de4-a96c-36e037dd5bf9", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f09815f-c7ef-5fa3-8241-ce2cb8b29ac1", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a99af8b-eca6-57fa-a8d2-e37b89712c6e", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab53325c-1d29-5215-8f1c-13756a309698", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1730626-bd1a-5248-9113-836758a68a75", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b200267-5ec9-52a8-833f-b0299691f8e3", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:254948ab-27ce-59a4-b558-85b783bb92bd", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be49dab5-2f63-5038-99b7-347d820f5893", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8215dfb1-51cc-5a73-a008-6dd0c8794101", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb4a16de-dab3-5818-a1f0-3e0667ba2eec", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:095aa889-2422-524b-a2f2-9545f4602844", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba9324a2-e1c0-51d1-acce-c1f675688ce6", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:07679606-fa76-5775-9a3d-eb197a13d3b9", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef10ae3b-1e11-5e63-bdc2-6d736b596dc4", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd69bd72-1f24-50cc-bbd9-5045e2fd664b", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cea91a74-ffa2-5d00-9c5e-1dca32fadfdb", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aff79021-c845-5504-96af-5c01df43d5df", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c5de567-da18-52c8-8ab9-950185b751f3", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ad4e140-3215-5551-b4cc-9efe2a46f688", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfa182cd-8004-51c7-b574-be372d25b6c9", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30889726-c653-5e38-a4df-634173838a5a", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6d2aacc-0a2e-5205-9683-b4811edfa1ef", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.2" } ] }