{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3fa898a7-45e3-587b-9a60-85226b4220ee", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e0e3ed6b-905c-5355-96db-5146eb033b07", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:23d438e3-9497-5e12-9dc7-11141a2ae5cb", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:891c3c3b-9e82-5eb0-abf3-a97490dbdebb", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3df604e-42a5-542c-9c9b-5543657b36bb", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:66187c07-bc82-51c5-a4b5-e51ece07d9cb", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c064869f-bb54-517b-859b-7ca27f50d23e", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:660b82f2-31ed-5ef7-b164-86ffa13ed668", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:558ceef9-0d5c-5a9d-97ac-775b946fbd2c", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7720a09e-86a1-51ea-9677-f20c9aa02a65", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5c06c78-58e0-52a0-b3f5-75b8540d678b", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dfbfa1cf-5c96-5d79-b61d-302ac8f9c677", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b0393cb-c5ff-5217-a99e-42e0dacdb52e", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:548efc1b-59d4-5d12-b8ba-55b44901398b", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e5f1bf5-726c-54a1-a874-d31fa646f4a7", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bbd34f22-9352-5de0-b80d-660f315ddbd8", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae95ed42-98bc-572b-b65a-7fb0c985c245", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d727960e-7385-59f9-882e-7249a0cce3fe", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5f51a43e-083d-5548-88a1-321cef09a536", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:705f4cb3-12e8-5ae8-a9b2-0715e9bf0e14", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:786c9f2a-49e3-5de8-8297-9920cddd9610", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b70619ea-9387-5ac0-816d-e0f969a87659", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e330a81f-8a69-585c-a30a-3984a2aa3b48", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:24254b3c-261e-58b7-a0bb-00b877275ae8", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ca6dd3fb-f61e-5c1f-ab10-0f088d73732e", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:878a486f-e8f7-5426-aab6-574ce24eb31b", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:538eb5e3-6ecf-5a92-8c7d-a3d9591eba3a", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ce1603d1-2b17-5c37-9985-b9377251360b", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1c7c668f-b774-51c1-b19e-d1a8646f14d7", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3a3a468-4fd1-58f0-9dea-cf715a4a2358", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3eef2331-5c81-5af6-b407-1ad930ce808c", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cacc0810-3d95-580e-af5e-559e53400ae7", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1a589cdc-2d9a-5f2b-886c-963953595735", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbc8e791-344b-5096-906c-90c7b2e7237d", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a58fdf37-83f4-59f8-a63f-982be693f68c", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt@3.5.9-tuxcare.4" } ] }