{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e1261e09-c37d-54fa-9640-d701be0257f9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-service-description-openapi-v3", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c36227f4-9cb0-5dac-8730-4301161ca92a", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:57b8a27f-0d4d-5c83-b775-ca6b1349e5d7", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2bf5093d-0e93-5a09-9a02-3543f238cfcf", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bbf78530-7da5-5446-b504-163233231c8d", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:772c2b4a-259c-5c9e-87f0-3db081c3510f", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:64fd7c07-222b-5d81-82cc-dc77a87f1ccc", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c6880d56-6078-5c42-843b-3b25622d7232", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1b9e3b89-835c-5c21-bdc9-c906038ed328", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39c0bfbd-71fd-508d-bf41-8bcb4b9581ce", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61484b57-4612-55e2-9b7a-c5567acbc8d3", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:66ca5c11-092c-55ad-88be-ccac5f1bb8b4", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:872334d8-3cdd-5c42-8838-7e07ab031080", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8f136108-c5f0-543b-9f78-5114bede5c08", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9c10f5f7-b40a-57ac-9ffb-b4498d6ab10b", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:43723467-49a1-5b27-9528-74bed9317f57", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dcb2ec5b-c011-5bd7-9d5c-8c3374ce2e37", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:608ec7d0-57b7-52d7-81d1-851cdaaf9e30", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-openapi-v3 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e03ee013-5d0d-5c05-ad2b-837142993592", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fb46176d-82e6-598a-8761-1aa72ea04382", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ce340ece-d86a-5e8c-8247-882dad095584", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b4e59d4f-89ec-5a22-a8e9-d805609651f0", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9aef5023-7890-5226-8ed9-d8d4691717b5", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c59fff1f-7f8e-5616-a76c-3ac96380f130", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3d4741da-7bf0-534a-8921-8e3160abf6bb", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c805f90f-b762-5c65-be0c-c4570cef2a3e", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3b0b4d18-b580-522c-af3f-e21ef4c88b15", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-openapi-v3 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2cd19fb4-f0cb-560d-bec8-17feb9272f3d", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8e5d1b0-f64a-59c9-9fc9-6ee1ba3bf24e", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9f237edc-c54a-5449-8c96-0b03c7e5149d", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6c6bba74-e7d9-5b4a-9429-08d72fa72f8d", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-service-description-openapi-v3 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:147dd32f-6f6e-540c-b0cb-bc3ee079fefe", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5365028-e1b0-564a-b131-75629c299f14", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:57beeebf-1273-52b4-9157-c1dd2a0480af", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2ed62f00-ef1e-5930-a49b-3e4065b605d4", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-service-description-openapi-v3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-service-description-openapi-v3@3.5.9-tuxcare.4" } ] }