{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:dc5ae5f5-469e-5838-90c5-bbcda9f79eeb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-service-description-microprofile-openapi", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:664ad2c8-1dc6-5b15-a030-1d44a33d90a0", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:953a1a35-73a0-50ad-aa3b-b0bcf34dbda9", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c04fe9f-1238-5257-aa10-db5a196b219b", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51961de8-0c23-56e2-9bb3-ccb2fd4a36eb", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c03b8b53-bb27-52e1-ab1d-e9d8618fba35", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a85cec43-8fe6-5026-a3ca-cd4df755b082", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:84e90e2a-50c6-5cba-b24f-ae36ed2adf61", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:141b57c3-7b69-5175-a13f-e7e51e44b5eb", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5abe4631-db7e-53ce-9831-62220b82e1d3", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8dc3f33e-8ebd-5b87-9ee9-d113375ca370", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:66c1f607-40e2-54dc-a7e4-5df2161d2767", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9db6cc59-3d77-5891-bd0e-47522cc97a91", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ef7c7f9-9b8d-50d8-b450-9ac45bfc28c6", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a40bc0f3-e164-5471-9fe7-ad7dd9a75b3b", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4180f2f3-8280-5556-8497-5f425cbf8aa9", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51629aa1-f9d0-5cc5-a81e-e8cb8af3b383", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c048eef1-5977-58b1-af06-fcf085e1f69c", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:837a50ea-166c-5920-ab0e-3a7d4242540a", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4337350b-44ad-5028-b081-3ea667bc39cf", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:593ea08f-e62d-570d-97e8-746387eb9e50", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6366defa-4332-5cf4-8270-5474627bbe21", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8df50a4-9205-5a57-a9e1-8ff34a72c9bc", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86da2333-3324-567c-9847-642f0a196768", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:49d1dd21-32f7-5b27-9df0-7f5cffcf51c5", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd38cdd1-bb7d-528d-b3a6-4366d9b2092e", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5715c976-147c-5da0-a2f9-3b81dc6ba4fc", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ae7b957-37a2-5180-bd9d-cdc58a7da66c", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6e122265-de10-5c30-87d4-cc303e590e28", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fb1f7702-0fdd-5841-86d5-fcddb2066e94", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c51c8893-739b-581c-a418-67d19e4e070b", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:69c740c8-2f99-52d3-9a35-422c032cb67f", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8b7764f2-d5ca-5a8f-985f-5ec0d8d38aa4", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:23e00e26-a5b3-5d26-aae0-7b92c69e98e2", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8d11c16-b408-5033-aaa6-6738b502f4eb", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9-tuxcare.3" } ] }