{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0c25eae4-8c1d-570c-84bd-3a6090f46bbd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf", "name": "cxf-spring-boot-autoconfigure", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cfa625bc-2061-5b72-99b6-8b96543c4065", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f728814-91b9-58a8-be7d-868c4411232d", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a94ea90d-5828-5f2c-a7b9-8b84787d2346", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02da83f1-a8ea-560f-abc5-c39a218ce6ee", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:795bf0b1-c301-507a-a2ce-0f63ffc881e2", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4cf7e334-5385-5845-89ca-169802c58ba9", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e23b17cc-daa2-5b2f-8c78-beb41ff8ae4f", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9bb449e1-b989-51b6-87b2-aae7c0af7dbb", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de6d5bfc-153b-587f-857c-dfc8adffcec6", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:92c93bdc-9993-5872-b4cf-bf8e6a7fe97e", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6bc9d567-4951-5657-a187-f5010ac69080", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c6650436-02ee-5a56-a530-215157d49af0", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7dc6606a-046e-5329-a2fe-37bb71f9a7da", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a2ae4f43-ce84-5723-844b-6b94af525225", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6bff3998-0eb4-5f30-acc3-2bff94de1e25", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3e524e39-e7da-5f7d-8e91-d1730e23be28", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:01e52f2c-c2d9-5143-a072-01e11e069ba2", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-spring-boot-autoconfigure 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d5733cfb-1842-569c-a544-35ae779a36ef", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a444a28-1607-56a4-88b8-86f4f3ab4e52", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1346a457-27e3-5e5b-b81b-7a8481fed2b1", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4f22740a-081c-5b85-9ae5-0672ba0581ca", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:264dc40f-618d-592a-937c-202dad2942d8", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2e7762da-0e41-5559-b4e5-5ae9f5cb2618", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c176f9ab-11f7-52f0-8a2d-d641a72ac705", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dc317593-044b-5c88-b2e3-e1070971acab", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:93c6d619-c932-5361-9f52-b91f39a38181", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-spring-boot-autoconfigure 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:70c288dc-b0c6-52e3-934e-5cc475d607dc", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:57d77390-f240-54be-b2a5-e62dac6dc832", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:177ee51b-893f-5803-b949-05f55bbbf7da", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5cb968d0-de5d-5368-99bc-2ded9e058cc4", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-spring-boot-autoconfigure 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2a56f001-ac0d-5775-b0fe-08874e4351f3", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e81428c8-3d47-5984-af73-17d58cee50ec", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65467f98-59db-5f8b-838c-c7f4ae6732c8", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d44ff009-d730-5f15-9f6a-069b8b810f06", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-spring-boot-autoconfigure." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-autoconfigure@3.5.9-tuxcare.4" } ] }