{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c7ae2b18-dcdb-570c-a629-b3b8a8fd8728", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-spring-boot-autoconfigure", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4724545c-4890-5298-9170-de929d93301e", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d80e02d-e7d5-5684-9f41-b83201824dd7", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:663f2749-5f03-5d6b-ad94-9bfd081601e8", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81f8226e-5fc0-5d7c-a1de-fb25af379392", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71d887ca-9dfa-5c20-afc6-60134702af3d", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30836533-f80f-55c5-81ca-8f1f0e9a3330", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a93c327-53be-5453-92fa-25e0d9288fbf", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09004167-bc70-57fb-a7a4-2e68e2170c82", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5ececfb-518c-5b80-9c50-23ebae621f28", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:736a2f91-ac73-5bbd-a2c9-3e6bc8c7afd3", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64f94b2a-140a-5534-9230-a5f0eb992df6", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:74b09353-fd53-5d0a-ba71-2372640c1a75", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6d7c619-e51c-5ec9-a89f-a05efb8fa69f", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db2f0948-08ec-546a-9e98-03fc7d0af122", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ac8c8dc-5b20-5e69-9c36-50f9c3932ad5", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:067b91f1-09c3-53cb-af17-780a8a7a08cc", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf0d81db-3426-5808-82f9-d12780a4a58e", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-spring-boot-autoconfigure 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31de41d3-40a7-5941-aee5-ff2b328d4a90", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0611d856-82b0-5d04-91d3-2810732d4587", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aaccaa9c-1b55-5578-b0d0-21b4a0e3c3ba", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3b4f473-2433-5af5-9a1a-86fced275bf2", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4585ea0-92cb-5e84-a51a-882c91bd11eb", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2358450-68a0-5400-9e21-96f30823ab28", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14fd50cc-bf35-5ada-8826-809e41d7c796", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d98d8f3-f757-55f2-b3bc-baf2b7ceecab", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3aea2751-9dd9-5a5f-8ab4-d77c10a1609e", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-spring-boot-autoconfigure 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1950afb4-34b7-54b7-b112-dde37ba251b7", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c825a91b-9554-58f0-84b9-9af4a93be358", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2cf3517-832c-56a3-83b5-bf0523f48c3d", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c2b9c20-52d2-5796-b9cb-920fe2232fbc", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-spring-boot-autoconfigure 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca455c0c-ce6b-59dc-b49d-73cc570169c3", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:637e4fc0-9d37-5129-9d60-d5647d7b10f4", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63037eb2-14ec-54ec-8bbf-ed3c837bce40", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7527d674-f1d3-5d45-ab2d-1715427371ba", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.2" } ] }