{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a511c26f-5419-5c17-9fdf-325090adc48b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1", "type": "library", "group": "org.apache.cxf", "name": "cxf", "version": "3.5.11-tuxcare.1", "purl": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e0cf7c23-e05a-5983-bb1d-7940d8eeddb4", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fba323a-8e16-535e-b0ca-f69841156107", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8e3b72c-45ab-53f1-9f2b-cb7cb26f6719", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d3d605f-d35f-50e9-b52c-ae0111e4ba89", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f556e20-f411-5ed8-b9df-246223a69e9c", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74647ad3-5c23-573d-9334-e8c8754d3e9e", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d552bea8-f6c5-5487-a8c8-3016b0dd7b3e", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1deb002-c643-57e2-aa04-9be9b8086bd4", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15ec14fc-d372-5329-a4eb-3bab0edfe665", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46522273-2b8e-5b27-80ee-728304eecfb2", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1da6ad7-fd71-5182-a272-8b8f12625547", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:392f86cb-5cc7-5d4a-a3eb-df2c3379472d", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52265439-fc1b-5463-96e7-d3b62e881cce", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c77f96b-b65f-5770-8fc3-9d8ccd9c0519", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aae135c2-c56e-589c-86fb-8b52ade221ef", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee21cfeb-38ce-5d00-868e-cbf548591e1f", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e85f038-c44d-5ffa-b796-c7b6c65cab79", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58d30a8d-b653-50c2-b910-fe3c1fdcd378", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a3b7aeb-7fd2-57b4-8337-d39c10a042de", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6386a3b7-3754-5a8b-915a-ac3587a43693", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1237d9d4-4213-5734-95c8-0337a49bdb53", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2e33225b-abf1-59f3-9601-0269325b06f1", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:366d7bc6-4134-518b-945a-797781ec3979", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87366bd2-0d14-5b97-8390-188a32b64f29", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a942c59-6aac-5c93-9908-a3f49436ba6d", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1950051-ac71-53e4-94bd-322ae9e4ddf7", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf 3.5.11-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:264c6096-d97e-52c5-88c9-76100347d96e", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70cc0235-ebdd-5c68-b0ed-08f155c24ef2", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf:cxf 3.5.11-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43739611-3543-5ffa-ae22-27b834962043", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3483dcc3-09d9-5e5e-9da8-28180e433c63", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf 3.5.11-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74f79e1e-b3ab-5478-a5bc-1a85b5faf138", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a994ec9-4184-5a99-aabb-08559799442c", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.1 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.1" } ] }