{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d764b5b5-ab7a-58da-926d-7d3cefa6480f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5", "type": "library", "group": "org.apache.cxf", "name": "cxf-osgi", "version": "3.5.9-tuxcare.5", "purl": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3ff60d3c-0a3c-51d3-8f73-176f51dd3d3e", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9aa6cfe2-e296-504d-9927-ef7d736c4677", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e818d4d1-4a0c-5a85-bd83-44bc40060e57", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0ec4293e-626e-5037-8d87-470d58be262c", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7786eb3a-9f43-571c-a0da-8b5399588a68", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c70abfbd-ad7a-5599-8b79-a7790a8b4b4e", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ce9bac52-b423-5cbc-81e4-39cea40d3674", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:eed57090-4b2b-5f6d-b475-5242ce672478", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f2d2a571-3de7-50e0-b3ea-521ddb896ac6", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fb103532-680b-5118-960b-c11c9de47e58", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9f7247a8-604a-55dd-a32e-9fb87e2d492b", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cbd9cc0e-6c78-5d8e-acd3-87b6081dd110", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b96112d5-8e53-5c63-b4ff-3685aeb962b6", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:157ab7e7-f54d-51ac-8124-5fb4f350d699", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:03a997c9-0523-5810-b48d-f4d1a15361dd", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ba050c58-6cbb-5b95-a295-2fd9c025b2bf", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:48143613-e561-582e-bc14-62d19c895022", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-osgi 3.5.9-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2cdd2adb-fc55-5843-a4f3-75cf59886403", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f36df591-8035-554c-a995-7f5e0f30d6f2", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3ebfaab2-036b-5c15-9ca9-6e690e1833c0", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f911f152-7bc1-5245-bd85-9951db23f89e", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8144c822-c0ee-5944-8901-ac9416ba86f3", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fa1cc919-9ee4-55f5-90cd-f04d4e7c8fb7", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0649fce3-614b-5e73-90dc-049e8b3afaf8", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c09f2803-fe4e-54a4-a923-70b9a3de7682", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:160064af-44f2-5a00-bf55-2c901c6c0f36", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-osgi 3.5.9-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bdf9dc1b-d9c0-53e0-86e6-9ccbe1ca4462", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a9663c4b-752e-50ef-b3e2-36cff6497da5", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d5e50de3-78bd-52ca-a8b6-678cae429376", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1cd18c7e-a298-5fae-8cef-60cce420337f", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-osgi 3.5.9-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:125605f1-095d-5c7e-aa14-d4ee51e747ec", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e566647a-e5d4-5d12-bdda-0c03dd7a171d", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0e048b3d-cc76-5134-8f4d-aca30cdd07b6", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f8716a48-2ff4-58dc-b22f-bf67b2a87fc0", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.5 of org.apache.cxf:cxf-osgi." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-osgi@3.5.9-tuxcare.5" } ] }