{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:72aa654f-d636-58e5-94f9-ecabd13a5b28", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-security", "version": "3.5.9-tuxcare.3", "purl": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:24457546-5cf1-5f70-a78e-41a89e19b2a9", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c105df69-272d-5e7e-8ac2-999036782245", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31de50a2-5175-50b5-adb0-9893ac4f523d", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9120ae23-4703-524c-a229-c33b2d0d4210", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba5386b2-3f0d-5192-8a58-df3d773d24c0", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c603415-0253-5265-9646-a148b9a8e0d6", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b26fb83c-d939-5def-8745-e691d619e32f", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:54279e0e-4aa8-574c-810c-84bc1d7e5f3f", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9e2084f-d662-588f-9a08-01631e0f25b3", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8fb10f92-0b01-578c-ac20-1806bf969504", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70bc1ae6-1c32-5a2f-b221-f805c661a8cc", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7725122-a237-5dbf-9d8b-423d46cbc685", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5fb8cc51-85ed-56ef-b70c-071154d881bb", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bba6d860-9f1c-5925-ae80-33d0c24ca3d7", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe6e6e1a-314b-591e-9e4f-82c3cfefa00e", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be5f4832-ec65-50b9-9dca-72765999e5ee", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ccf18860-9fee-50f0-ad88-891b919a5baf", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-security 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:785eafab-3d66-5648-825e-37bc4e02b642", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e48dd08d-5bca-543f-9238-0d1fa2dcce07", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00b5346b-508c-5f22-a23c-b133ec62a4d7", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d92cef9f-b65b-54a1-a8a7-320bc632f1b4", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0fd67914-f6c8-5fde-a939-db03faedf22b", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c8dfb349-7c8b-5b54-8600-ad8992246447", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea283973-98c1-5e0b-97e6-113486230fe3", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a3ac247e-7ac0-571f-9303-74a9e7a979af", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c1fafdf-3f37-53ca-8d7a-e557d5e9ff99", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-security 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:77560027-08a5-57c4-b2d4-14294bc1999e", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e5c66035-e631-517e-a26e-36e9c49381ee", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6bac301a-21dc-54ad-94cb-137e607864d2", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4277ad67-5c65-59b4-a46c-d87e7260eb0c", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-security 3.5.9-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:90b865b4-f2e0-5190-bb0b-bc931daaa604", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a5a0e93-b617-537a-97ee-e7374a7e1b2e", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:101e2292-20b4-5445-8a57-2e6cbec0b075", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ed7a463-8f65-526d-9e71-5ba8778bd687", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.3 of org.apache.cxf:cxf-rt-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-security@3.5.9-tuxcare.3" } ] }