{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8ac7cb78-4cee-59b7-9057-beb55df7ebcc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-ws-security", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1dfa1b85-0782-5736-94ac-5f25af2c6363", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e06faecf-3d1d-5433-9936-81934945af5b", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:483ffe86-24c7-547b-a85d-823ae05bf62d", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c19f06fc-0f61-5b01-9886-84775c902afe", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a16d6a0-b035-58b2-9930-27e99d2be8c0", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dafce49a-1e0a-5a64-b411-2e1aef486a4c", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:400d9c48-df99-5266-aed2-94ebede11a74", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fb3347a-c5ed-5751-9b27-8edad14e487b", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:74c822f8-1b1e-59b2-930f-ff47ce402e95", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11eeb2f6-94cc-5e29-b5a7-3ae6d2c7d3ac", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eace7b1c-17e6-580b-b71c-f51a5a63ecc1", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79729a20-a14b-55b2-af5e-10a0ac461638", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:43debf1f-434b-55ad-bdbf-2c638e34501d", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:311224b2-d7b6-581d-ad23-17b7889c9985", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5a18d69-9236-5b0c-90d5-9232c5ee47a2", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92431b8b-0977-5a0c-bf95-3e8dbcb54ad2", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de0f6dc5-1ce2-55d4-a628-0dc6f5551f40", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-ws-security 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4df8c768-f4c2-52a0-89be-dd692ca6ba58", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c728149c-e1b4-5f4e-a3b3-cfcc8cc54cc4", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f975d2a7-5ac5-5587-9d6d-7fa5920f2fa2", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7419728-81b8-5140-8f0f-d611e7487540", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ce81b4d-3d05-5088-84d0-e92d3d167584", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79e18069-1225-54c5-9d1a-0f4364ab79d6", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:850689fa-d38c-519b-b954-8b348c7f7962", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c614e55-0f35-551f-82ab-96a243a230e9", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de07fb6f-4274-58e5-8046-d3067c0604cf", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-ws-security 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4c5c83f-1b0f-54e5-ae89-993fc4d8872d", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53834a03-3624-520e-b55d-f1ae89faf97b", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:921f3168-d774-5a8d-ba54-6967ffc48e8a", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a02dc612-fa82-5d35-ba76-4a8ac92d1fb6", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-ws-security 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c912a097-0057-597a-9f55-652536459559", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75497222-5759-54db-8d70-e897bd0a3ff2", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:324288a8-8b70-5d2d-967c-fdc302bfa1b6", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0018409b-e409-58bb-a88d-2e859e5e75a1", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9-tuxcare.2" } ] }