{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:79f0b521-5477-5e94-8a90-75b9c61c31a6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-ws-security", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3c8c7791-ac82-5410-9f76-783e911fb097", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a1351c0-207d-59ab-84a5-ce0b43900837", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02181060-56cb-55d4-9f9c-8082362e39a8", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96f42010-f5a3-5f2b-a0bb-f08e32271e18", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e90188d3-b75a-5b41-8be2-96d5eb89e4e6", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04c02981-7d77-5c05-acd7-b0dae94b3700", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4ae6deb-c0e7-517d-87fc-319519adb7f2", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:510caae1-4f16-5f17-a566-2ea4cb26245c", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd15c19c-beb9-53e0-9293-6477dc94df9c", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dfe16949-5841-5916-be6b-29f9eb7307cf", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7483789f-cf40-5373-aa6d-29709a956651", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:901efcf5-9bbb-5b6d-b21e-62d044ddb48b", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:552b0194-c62f-5173-a3d1-de0bccdd6d63", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3b92ba9-4077-5895-a824-998cb8e4848f", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:217448dc-c775-537e-8b5a-2a57fcf12dbb", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb63ed14-94b1-5e47-92b1-f6d3a575249d", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:728b4e77-f64d-5919-bfd2-a1392694da26", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-ws-security 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81e44ee8-1579-50f0-a904-9eb8992a409f", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6647b65a-30dc-52e1-8cdd-f904234853d3", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ec9672e-088e-57a2-95ad-3cbf2e5c9fd2", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9810675-5bb2-5b7b-9868-700505f73696", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1b5d185-b1ec-5d2c-a992-a62cb5aeccfc", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5d0017b-e30a-58ae-8913-41d479cc88df", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1927adce-71a6-5b85-992e-2ab25713cc70", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9290f247-170c-5c23-ad10-5e91613e8823", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71666f54-fdc5-51b9-b50e-17390c78b1a8", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-ws-security 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ab0a1dd-5ea9-5bf9-b088-2a853b14eca2", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:133b0adb-3434-524b-9697-9aeba4b9b087", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c54e58b-df6b-58ae-a0cc-eca63be3a332", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3112af4-036e-5436-8604-54cc0c7e8937", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-ws-security 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d6bf065-b0de-533a-afc4-f6f8c1157f4d", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2b78f8a-ba80-5c4a-a322-23bc79a6b5f3", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed5381f0-9e11-5a38-b3e8-20bb65f9fb12", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81dc2e34-ca0c-51ae-8091-56ba82c79df3", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-ws-security." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.9.tuxcare.1" } ] }