{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1cea56d3-2b6f-5e00-8c7d-b26dafef8375", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-spring-boot-starter-jaxrs", "version": "3.5.11-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c332c38a-823c-5599-a607-15090a2e4604", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83134676-a826-591d-b42c-d2544caad3b4", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be47e01d-c465-5d4d-a16a-5c622ebc1650", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:806d1d81-bd8e-54bc-bb4b-32ef5191392b", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1675caac-338b-5624-8429-94fb7b1d7a0a", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a054e950-d158-53b4-a038-f673c0c71f7e", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8e83d63-4811-5361-800f-43b2269831a7", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:339d565f-5bd0-553b-adc3-5756f2c44c83", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b35734d6-4d23-51fb-8fd9-cdf45793e8fd", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:338676fa-9aef-53a5-a323-135972233fe5", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce1bec38-11ab-5ce3-85dd-90daa1996b16", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:793c6fd6-1bb3-516f-8b22-8aabf4867f15", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30f3bd81-7241-5a62-8919-0b2936f6db11", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfea0fda-7908-5799-b963-9064ee1a608d", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2a0e6b7-41fc-59ce-8976-ed0347cc04ed", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57b57cc2-f46c-5ab7-8d74-3cb96bd02f7a", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84ed2c36-d731-5e1d-a530-c47fa6f41c72", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff269324-c0c1-5be2-8d15-551a97648312", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cd3af2e8-e12a-528b-b49a-007fad66babe", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f161ee0-7b32-5285-b29a-1fbeb704d930", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8480c41-4c25-5766-8a3d-6161684af219", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4026b0b6-4da1-5e37-8061-b321267721be", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7947b53a-7718-5fce-a951-14f5298304fe", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:feda7eda-e4c5-53e7-a5eb-80c685d87b84", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46eb0388-97cc-5307-9bb4-8f279112c62f", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a19d9a8-6a4d-5a1b-a140-21c99e1067dc", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-spring-boot-starter-jaxrs 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf989d4b-449e-58cb-890f-20222b6d2ac8", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:065bc497-3ba6-5a5f-be12-f90182ed9931", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf:cxf-spring-boot-starter-jaxrs 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11cbf5f7-93c6-5737-9e74-a65879427003", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54b4a3ee-ff00-5865-b396-3b052537dfac", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-spring-boot-starter-jaxrs 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22a6bf20-3d46-57dd-8939-fd378f0942ec", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:056f16c4-3e17-5a80-b5be-d354577a0106", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.11-tuxcare.2" } ] }