{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:460dd7d2-236b-532b-8529-cce3e2a86f81", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf", "version": "3.5.11-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fbb4f5b7-4a0c-550c-8aa7-b703cb52e316", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb6a7d3d-8bb3-555f-814d-0fc41bc4e5ef", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ddfb8a0-482d-5c76-aefa-b486da381fbf", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0cd820a9-e92d-52f4-9b4d-068814a3639f", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5289fe90-4337-5c84-9bf3-139db5d6a3a9", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:490b94bf-e168-588d-98fe-51d25ada60a2", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db623f3b-5b63-56f8-883c-f787b8e77ea9", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:33e6ca35-f324-524e-bba0-29a013291d27", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a107b8d0-d1f1-5dde-bf0f-1038cfb2add9", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:447f3f64-e803-5e5d-bd5c-4b405a881316", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:80235b78-5736-5fdc-848a-217ff4b1f98f", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b56d5f6-829e-5cdc-825e-f8672dd20a75", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:87f30e5e-1107-58d0-b817-1e1f6cabf9c0", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:220489f0-9d2c-5b7e-be36-8e6e105a617b", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47bfd21a-8880-556d-bf19-c7c3f609c168", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b34c4d4e-74f1-5aee-bb59-2f738fabfde7", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8aee1700-17ce-56e0-a606-82387f887b25", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03aed195-0b9e-59a4-a613-34c889b16132", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0da59c3d-62a4-5f27-8d9c-9610703fd77a", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0312f962-f1df-5c85-ad87-e9ba700ce53d", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8ce2b07-b9b1-52ec-be0e-90b17a130730", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a9c746f-8afb-5654-91aa-6b245c3dab73", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97b48913-acd0-55fe-9ed9-09ca74218205", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:256bb5e8-e28e-5a9c-a072-aa209af996f6", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b07b085-82e4-5d12-b6ce-f85f5ce560be", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b399852d-7872-5641-af34-8d4fc280ca30", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5102e19-b9d0-5796-b429-322f201a6955", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c68b29b0-1296-52de-ac04-f77e98d4816a", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf:cxf 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:655ee0e7-b4c3-536d-b65e-11953586ba72", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:35e9530b-18bd-5c25-9493-3997f528377b", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54e9fc07-118a-5e38-af62-3fd181183652", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ddda318-6dca-57eb-ad26-c380cf2a92f0", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.11-tuxcare.2" } ] }