{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ec6b2db7-5995-55e8-8a61-3bddf33fe595", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5", "type": "library", "group": "org.apache.cxf.services.sts", "name": "cxf-services-sts", "version": "3.5.9-tuxcare.5", "purl": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0e89fe13-812a-555f-9e34-9176f7ecedc7", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4c055438-e4a5-52b8-a9f6-e039ef7167d3", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f5609e85-ca27-5a73-bf17-3b8570d89b38", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ccad0c32-8585-5908-8fc1-fafd7f8530a9", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bcedc7d4-c09d-5739-984b-11232e53e86c", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:67d03a4b-18ff-557c-8f10-548ab0586f63", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e39d1b8f-1249-521e-ab4a-e1dbf51408f4", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2ca65314-fe97-52f1-94d5-90b7acb63840", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4d6b69a8-ede6-54a8-8a05-79fbb6b23ae9", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0bd662e7-c0c5-5d0e-84a5-e3757fff05be", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7f32665d-b896-5773-aeaf-7db7b4251cf0", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e0160d56-3b27-553d-b4f2-74288f88514c", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cc0f4b93-f4fb-5177-8cc8-37f87ad5d9f8", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:82c5cfc2-249d-5686-919b-227792ee9f37", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7e65372f-cf90-59cb-960a-1c8493a9eeb1", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f867681d-5d13-52dd-9234-6041b03d46ee", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a6de4441-b323-53ea-a9b2-d6010a4963ca", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.9-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ea5266e4-42cb-5777-871d-978082a25a71", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cb3786fe-516f-5295-9cfa-f7ae7a96006e", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1c029394-888c-5a85-987e-0f80d9c44e85", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:117a3df9-44b0-5a45-9d0c-42e2b3fe2f71", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:db542c1e-c813-5075-9ee6-d20f8118180a", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4bb3f717-3a09-554a-8a9b-df5c5389e0cf", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d70de953-ee88-5623-9e55-460710a913cc", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:73839f03-27e5-5ea5-a990-f7a0c22e11c6", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0ae35e0c-d46e-525c-baed-7ae346e30117", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.9-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6be99c5c-cb6d-5a65-9c23-b6f806d9aadf", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:61b83c75-1e5f-5174-9e93-3cfdb70e46f8", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2bd2ba7b-4370-59ca-8ab4-bbee62c84eab", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:45f88266-d94b-5d37-94e9-7499bb24dd16", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.services.sts:cxf-services-sts 3.5.9-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2d222784-922f-5ea5-881d-ae4d684395c0", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3a4edbc9-12e2-5fa0-8084-bd27272f2956", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b11fe4b5-499b-5d61-9492-705ca7ee6a1e", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cb77be13-ba0f-55ea-b2d6-9e1c8e920032", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.5 of org.apache.cxf.services.sts:cxf-services-sts." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.services.sts/cxf-services-sts@3.5.9-tuxcare.5" } ] }