{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c335d25d-51f5-511c-914d-ea5f619cf665", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-runtime-javascript", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a2c89120-9488-5b49-87ce-3674f59d100a", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d02c30d-d4c7-5c0f-8d36-f3d5e69c90f6", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b686607-be3d-5db2-9f7d-2dee11d12f8c", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3dadceb-fef7-5c7b-9367-9f617160818b", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d26d78c7-c2dc-59bf-9cdb-df5bb626668c", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75f5e40a-3b50-5bec-a54d-357b52020db3", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a93748f6-7ead-54d6-975e-286fdeee3bf4", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9472af7c-77a6-5c09-bd61-1f9325ad2196", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70748967-85b9-5033-a22c-2664f2f0ab90", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e7c2787-ab06-5347-a795-36131345e1bf", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aed567c5-716e-5f3f-b0ab-dad33b96e75e", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77670dfa-c673-5f32-90df-b584621653a3", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8360885f-7697-5cfe-aec9-1dd74981c98c", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c60eb141-9e5f-59c2-b5ce-fdf23ccec51e", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae401e11-5240-55b9-b1d2-5956a9488fe6", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b6ea2d3c-331a-58ab-aa1a-914fe39355ef", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8073edd6-9f70-5d5d-8586-65e91c39559e", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-runtime-javascript 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c2e62295-5add-54ba-89b6-2362b73ae99f", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d412bc41-42a6-5c11-aeb7-30cc297e27e2", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11fe34c8-3c3f-5674-a381-b86f748f94e3", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56909676-4d06-58c0-bd0c-9fa905a918c9", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae8c09da-bf66-5057-a61b-370d84ed29b7", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6167211-b54b-5460-a507-3d27c08ab71e", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2305bee7-b224-5728-a00f-f1a779293e46", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3cb848cc-15d1-5f60-91fc-ec75416f09aa", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2dcc40d-3534-52f9-8fae-e18071c5ece6", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-runtime-javascript 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83d10571-43ff-516a-a667-587b3cb0dfbd", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6a113e8-cb0e-5b0f-b0d0-435434716768", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86d9c163-885a-5de0-afd0-9d54cabc1c40", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc72228a-814d-5d6c-9b2d-dd3e574b3162", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-runtime-javascript 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64d1222f-d141-52d0-b651-baaa129f3031", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a88fecb4-9397-594a-87c5-06760f504b8d", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ffd906b9-834b-5328-9e82-bf5b778b9429", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6708a56a-47b4-52ea-85c6-b803c5c08dfe", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-runtime-javascript." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-runtime-javascript@3.5.9-tuxcare.2" } ] }