{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fbe4b3ac-a796-52eb-a9af-8d027dec998e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5", "type": "library", "group": "org.apache.cxf.karaf", "name": "karaf-parent", "version": "3.5.9-tuxcare.5", "purl": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3d838900-d4e3-56e0-b4c8-c926e410efb9", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ebde7d68-080e-5a1f-9d29-31746174b075", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:89f35cb9-0a2a-5f64-a4e9-74b0e30220a9", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ee9ba0e6-ae38-56cd-afb8-7bcb88d0d9b4", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a3d81953-bb4b-5138-86a4-a87535d1bd55", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f5ccd6da-4e00-5ded-8e82-432fc64e82d2", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f80de12d-802f-5a68-b92d-baffd3a8263f", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b789adcd-9687-54ef-998c-ca74315cc330", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:40f7148b-d7ec-59b7-9a47-1682b5d872d8", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c9e58bef-3fa6-59a0-b741-4c3d38e3a775", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:59aad706-2613-5c8a-9252-9abb3512cd81", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4cf08062-c91e-51e0-ab52-3d04f08c233a", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:64a8e385-bd69-57ae-b769-0db80237d0c0", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:38682841-cb3c-5e41-bf5f-d1311c7225f8", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:580f9777-6766-591e-a7fc-5e01352400f8", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:33358b43-6a92-53c3-8064-d7cb34515d58", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b8df6591-f981-5328-b9ab-8889590d160d", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf.karaf:karaf-parent 3.5.9-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:50bc8b82-451b-5315-8309-26e36659e7ab", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a81c82e6-bdcf-55d5-98e1-5aaecf17b1d8", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:797af546-7f94-5356-a221-71eda09d89f2", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e4a576c8-a15c-53d9-b2e4-3ac4e3085a73", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c1ffc052-f8cf-5c34-bbd7-abbc555751fb", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9a057233-ac6e-5f46-ad00-d3b0b65003a5", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b4c5888a-5111-5f1a-95f2-24e04af2d04c", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ac61aa5f-36aa-5a73-a310-9f29e25ed54c", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4d61763b-b5ed-5697-95ca-8d45f0e9783b", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf.karaf:karaf-parent 3.5.9-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dd1078dd-74c2-511b-865b-39c5a588437e", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:93bea127-3365-5350-a471-9b0dc17cfccb", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a3f27f76-55c8-50ce-aade-6f74f2dfa1db", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fae620be-b7ce-5ff0-9f09-bb058b37e522", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf.karaf:karaf-parent 3.5.9-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8b7cf381-7e92-53c8-9f1d-c42e560a9ba4", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c5ecb15c-0ef8-5901-8744-b30ffa594ef8", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:26b64330-ef9f-50fc-b000-ae179c474d33", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7f64c94e-a7b0-58dd-8c31-bfde51c4462c", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.5 of org.apache.cxf.karaf:karaf-parent." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf.karaf/karaf-parent@3.5.9-tuxcare.5" } ] }