{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ef41f036-3a96-5541-ad95-410359ccce61", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5", "type": "library", "group": "org.apache.cxf", "name": "apache-cxf", "version": "3.5.9-tuxcare.5", "purl": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6b479d88-ba60-5f35-809a-3f6405e0e8bd", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:53f879be-aac0-54aa-9586-4f80b44a7937", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9b907e1c-ba0d-5892-8a56-cb9699f785c0", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:baf31618-6a38-5329-a07e-6849ff24c5f8", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cb522d9e-f378-52af-a853-e97a7ca61658", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2f6dce05-f870-5639-ac71-c9b4ff56e90b", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9586ba28-24e7-580f-af37-ea81673440eb", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:09976431-ecde-5a7f-af73-e294a0f51cbf", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d6007d48-20ed-5aa2-a944-8149bd66621d", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d23b8c06-821e-5351-beb8-7a06eeaf66fb", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9afe66bf-7a54-577a-8394-e6fb11cbe638", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e9388e32-176e-5516-80d8-43ff56a61379", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d4bbfbfe-cf29-5221-b836-1ba446997039", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:894a352a-f240-591f-bf19-df7c9bd7c409", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a49fb916-168f-5873-8593-7e6d9a8fb0d8", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a6348bb8-826f-51aa-a7e2-b3ba92ae3d88", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7b76e61e-81b5-561a-8aeb-d797e2177bee", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:apache-cxf 3.5.9-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:429d0464-5f5d-5e8c-b78c-bb70bfe36908", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cb4202c4-8e61-5e62-91cb-83595b4323ab", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7de06257-a1e8-5e08-bdcf-c3dfef8d46f3", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bf340bda-d5b4-539d-9ea9-f81b48de9dac", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ea915e98-b8ed-5441-a9e1-d2dd3eea0462", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b649aacf-dad9-50f8-b003-5a60faafdf67", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d06d9c0-c016-5677-9b6f-acb274f3ee1f", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2eb81eec-4ded-5215-851e-86b726298eaa", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b3f3adb2-5ff8-5ebf-ad95-dd406927cc07", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:apache-cxf 3.5.9-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fb84fc84-edb3-5eb8-90e1-9e35bbcf8220", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f180d356-17b4-5230-a2a1-5d3a03b083f8", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0ae8b656-c41e-538a-8fc6-546c7a974049", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8e92c619-5b0d-54e9-b941-521258127059", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:apache-cxf 3.5.9-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a71fa89c-999d-5faf-b084-9d013bcde4fd", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:06528238-0c55-5305-85af-60127b460c8c", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9c3bd526-85e9-5a7d-8608-294988b67d02", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0c11b66b-9c10-5ad3-b68a-c3b2ed8a634f", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.5 of org.apache.cxf:apache-cxf." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/apache-cxf@3.5.9-tuxcare.5" } ] }