{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:63f13ed5-eb88-56f4-8d6e-fffccd089697", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf", "version": "3.5.9-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4ec7ad6c-15f9-5010-9f66-d685d88d6896", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a15c207-7ab4-55a2-8dd0-aa6a27854fb1", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca9299ab-ad57-5e71-88b7-56a084e025e5", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d0097ff-0c55-5864-b16b-0ef5f3268e52", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86d6e2ba-e83d-5a5d-ac50-85c19a667b1c", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd3010b4-3515-5744-9a5e-488c378d96b5", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a38ef24-9e4a-53ee-93ce-aec1e335109a", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:417f66c6-da59-5af0-9e14-990eef9e1c8f", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:261705e8-73a9-53d1-9797-e5aef4939fb8", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4883370e-8c51-5307-9379-79f1c0d0825a", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1174250e-04dd-5d37-bd9b-8aa7a57c015d", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51b2873e-a1e9-5807-a956-08227cd6d0a6", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e84d5a44-eacb-571b-9e11-982cfb089866", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3bc8fb66-da31-5180-a43a-3648b699c345", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4d27573b-7c65-5b83-a1ca-77f0014e0f40", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df4159a9-5f65-5609-a7b1-225173987ee4", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8625794-47d6-54a6-b9b3-55d34c7ed05f", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e22e6c1-bdfc-5b3f-ac40-7a74701420ce", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ff22df1-af16-5576-bed3-1ee9afb7a4fe", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdacfa98-7f56-5202-9d2f-94d679576d80", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa8c4260-ef52-5eb1-8e0b-42e635c16b19", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7db0982b-698c-56b2-9bb3-e913aa46a682", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60e10c4f-8fe8-5bcb-85a1-afff613dad7a", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c801f2c7-c6fa-5717-acec-2aa43b5fc3f5", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aaa6e8aa-f24e-57f0-96cf-828389cbd7e1", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b95bcd43-665a-52e3-8469-c887163a74e7", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7c6de63-89a6-5ed0-83a7-08c90d23644a", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eca5cac9-2bc4-5905-8dfa-0de852605121", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df58a015-49b7-58b1-afe1-08ebb5de8896", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba37399a-498c-51af-8625-73852431f4d4", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf 3.5.9-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:286baf1d-6836-5f2d-ab14-7c36cb6a4dc8", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:188e946b-eeea-58b3-8345-a8c3a5b58255", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d61e2b1f-4901-5df3-9c95-6b54516a4496", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc2f6421-6b05-51e9-a7a8-b80e51de5816", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.2 of org.apache.cxf:cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf@3.5.9-tuxcare.2" } ] }