{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:20a4f3c3-e793-5628-9ce6-bdd47348e464", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-kms", "version": "2.7.1.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:64942669-37a5-54cd-a43f-0341483317e3", "id": "CVE-2016-3086", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-3086 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:443ef2f4-feb5-55ce-b5da-b189ebf20f44", "id": "CVE-2016-5001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5001 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7eb7c0f0-a585-59a6-9cf5-729a4fac6a8e", "id": "CVE-2016-5393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5393 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74b2c9d8-65bc-55c2-a957-a9df015f8407", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d536b1ca-bc55-5ec6-8fca-585666aa7399", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de8a016a-b574-56ff-9cb0-bf2cd8ee08b5", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5353d0de-f742-5fa0-a5de-c39f468b15b8", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8a7fbe5-3389-50fe-b315-2ff3bf176a90", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ed653f0-4dfa-5813-baf1-a8e3b709663a", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c7f4b74-706f-51aa-a1cf-3a3bdb03df46", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8269ee4b-e17a-5468-9c0b-ede5f9afa51f", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8e11e21-fbc9-5f50-b143-71ce4e3a1217", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51d53c80-32ff-5b69-bb1e-996a58f43605", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cc6aff1-6305-57e4-a8c5-703e5a04b4c0", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:246e9a01-0ff0-5c2b-87d0-f0db479ae3db", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19214cbe-1363-5562-b3eb-7c6515158e34", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36845030-df40-5f41-88cc-61e99f0c63ef", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c435b1d-63c8-5588-b07f-dcdf67c7bea2", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3d2cc8d-9bc1-5ccf-a844-ac3480256910", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29a92296-28f6-56ce-aaff-169bf556833c", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29c56c4f-0409-554c-9613-eee01c7ad157", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.1.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.1.tuxcare.1" } ] }