{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ef4017c3-5220-5351-85d6-7d1266e8200a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-spring-boot-starter-jaxrs", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:76fa14fd-d0c5-5859-bda3-0e1eaa3d8860", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eaeba3d0-8489-54ac-9138-463fb42c87cc", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd58ae80-ec65-56da-a4b8-369664998bd7", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cdb924c6-7a4c-5be5-a96d-899acf4380f1", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dcc07585-f9d2-5b3d-896c-e775d41f1dc3", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27382a88-c652-59ce-9670-39e952b56b26", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:642831bd-6c9d-572f-a78b-be54932dc14c", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1d0576c-c161-5d1f-9b45-5c134c951e94", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:871838e8-9526-5e3b-9755-19c2884fbe6a", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa0ea5a6-d95e-58d3-99ee-83fcf31eb7c9", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd9edad8-bbbe-5dde-b439-0c60d5962856", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1022b93-9dca-5e6f-8316-32899802b393", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d035dcb8-3903-5f5a-ab34-ccf8dd05315b", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60ad3151-a959-5f71-939e-1c071e56061f", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03fc1d1f-b87d-5488-ba3e-682b7b06a0a9", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23f3c4e9-ec1b-58f7-8a84-a79de78b2b15", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:641deff2-f5b7-54d0-9dd5-68d4fcfdc76b", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-spring-boot-starter-jaxrs 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c38f222-1aa9-5588-9c1d-20f9dd4bdeab", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1653be2a-e153-5520-9dae-7aa8b18c9745", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:256e9318-4a10-5e29-8783-beaf81aca9ac", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d795d20-402b-5f7d-a3d1-af8c4f21aad5", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ed65006f-9bd8-58cd-af96-df0310ed8e17", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f7e5c71-40e6-5434-a48b-0f089f73d8fb", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4158d90e-5aed-5059-8b25-4901db53d28c", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46bb53cc-50f2-58a9-8315-ee538f4ec8fa", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acf70f9b-984b-599f-a513-271e94b0f31d", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-spring-boot-starter-jaxrs 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2c7d23d-fa5b-5337-9031-0889bff98123", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:471435ca-b82e-5d6d-b76a-d9cdf0770deb", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6dbd862f-049b-5658-8c86-ea4324707cce", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34b0984d-0e5e-5d2f-b433-0c3708efe514", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-spring-boot-starter-jaxrs 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a295f4bb-9264-561e-b75c-265a0dc7aa41", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df653a41-7c28-5b0e-bb84-096f088f0796", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e7d1a72-f158-5c71-a51f-bc6de2d79853", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d6c897a-ccb0-55fa-88e4-39e9cfe191f6", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf-spring-boot-starter-jaxrs." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-spring-boot-starter-jaxrs@3.5.9-tuxcare.2" } ] }