{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:232b2e29-78dc-5d19-aec8-a52aa6338eaa", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-service-description-microprofile-openapi", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:02c27a8a-7665-57c4-955f-94e31e1cce27", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:355e071d-dcdd-5afa-ab12-980ebaaed165", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4bd2bc39-25e4-519c-b3ca-b5076908ac7d", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4f7a82e-344c-5743-a245-7e52bc7b3233", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33826655-2be7-5b6e-a2db-8e4f74e02eca", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f82032c7-4b44-5416-8aec-7309181abd0d", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a748b49a-b765-5bb6-855f-cb6d3e7362fa", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e260961-bcfc-55e7-829e-c029877c2ab8", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:164a7c05-12e9-5126-bf6b-b959940f87d7", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b231293b-8a3c-50ed-9f5a-fe25bc48525b", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e668a89b-acf6-5022-9511-9794e8c88c07", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c40a14ab-9b03-5b8b-a4a6-41da09b5386a", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32df8a0d-1741-5437-8407-2df70b37c1d0", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2addffed-a213-5bd0-ab6b-7daf21058176", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eec39d28-1e98-571b-a54a-dae50e4ebb96", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72080f44-eca3-5eda-b144-c89b42a41584", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c74a995a-2fab-57ad-957d-435505ded29f", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ea51b87-3356-5bdd-b17b-721aa1123681", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c9e2745-0491-50d9-99d2-d2d4379604ab", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b1637fa-2651-5ec7-b522-babfec1102e3", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f8c990f-3d6b-51f6-8b4b-9c2baa19f49c", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a417b0e5-3c56-57b7-b5c8-5680664f62be", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ccff9c3c-747f-58db-bd0c-1d7b4a924469", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b49e1226-8013-5c76-a633-d9eb12d51e22", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c411daf6-7e6a-5bde-a379-3ffe41e87825", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18ad12f2-08d7-5e92-a78c-cc9af5b5e30d", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76b9d53b-483f-567b-ba0c-001d8db5da3f", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a80af83e-722e-5c58-a6a9-180bf88b0ac7", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a98f471a-5fde-5280-8aec-70b6f81a127f", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73834ef1-2045-531b-9a02-e6f792f8ad77", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62f3b8ea-3fa5-5a50-81fb-ddfb26c346dc", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9abee5b8-efda-5f18-96f2-fd11f9974761", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2cf0d5c6-5a4c-5926-9e21-0bd063c9916b", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7d7b510-6498-567a-83d4-e3d1c5307a7d", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-rs-service-description-microprofile-openapi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-microprofile-openapi@3.5.9.tuxcare.1" } ] }