{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0b0975b2-b027-5e1f-9216-6a30b1131c4a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cb113ae0-69cc-5185-8c80-b7f014fa699a", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64f815d7-2011-518c-ba8d-c62cdfcc593d", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7f32faf-2e26-50ea-a1da-e0efaa75dbaf", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16f50508-786b-5ac8-aa6c-c29f5fc7d726", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f473670-687f-5c1d-b329-129b6b44c820", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0322aca3-4e2f-5e9b-9206-0157048e569d", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20b4aa84-df79-54de-958b-71fffc0902b4", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2311d6c-648f-5fe3-a998-cc77db0d6bb2", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f739458f-eab8-5f2f-aa31-23840a0c1059", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7f3635d-37f8-5a98-81de-12a918e9081c", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9acbcf76-e032-5b16-a574-539e494aad61", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d15c5535-b732-5728-9471-d89c5afc6b2c", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22c6f02f-582e-54d4-84b0-45c5f272f2a4", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3209bd2-2b9c-5a92-85a6-30d16d930a6e", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eea9c35a-d851-5f41-9086-889bde112380", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e41b5e8-db2f-5bac-ad4f-1e58656007b0", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f69d2a02-16c5-5b71-aa4d-bf7eb5127241", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04860ed0-4d27-5baa-80c8-7cba83a72296", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb1ff4ca-0256-5fe2-a6d5-7106fd90ff88", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a17c7ea8-dbb3-5b9c-a509-8f6115ebf9c6", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1bc30f8-d12a-5e87-a109-5576eac1afd5", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a09642ca-1128-5c7d-95d9-6bf641e21926", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2613f93b-3e2b-555d-95e1-30c0fa1c0bb3", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b066a958-1e6a-5155-bed6-a215d1c2d7bf", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:612004f3-4d4a-5543-a591-25bf124bae30", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98e0768f-9445-5eda-9dbd-e16486eb6e7b", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d52e2942-1361-55b8-9fdf-7e53a074d011", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01671b86-b86a-552a-a491-e9ce72a555c0", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1164f10a-39e1-5cf0-a5f2-081efcef953d", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e1f0429-bd31-552a-a978-15443c0c0363", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff18285b-b690-52d8-9ebf-fce9eb4c9f17", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e0dad82-9480-590d-a152-ebfa384c5cf1", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a64e4173-f55c-535c-a27e-4ac0b1fc4e3c", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26789a5a-fbc8-5387-9ec6-ee1541e48895", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-rs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs@3.5.9-tuxcare.2" } ] }