{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fa631370-e3a6-5708-b11a-840871f96115", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1", "type": "library", "group": "org.apache.hadoop", "name": "hadoop-kms", "version": "2.7.3.tuxcare.1", "purl": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:45ab3377-1edf-508e-9bb4-fe8f141fb56f", "id": "CVE-2016-6811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6811 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b617f11-399b-5973-91d3-2cfc540fb9c3", "id": "CVE-2017-15713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15713 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:297fba85-e865-5daf-9ded-415fb1fd3aec", "id": "CVE-2017-15718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15718 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:751074e4-22fc-58b3-811c-b6ab9d69c6c6", "id": "CVE-2017-3166", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-3166 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc144823-aac6-5c16-9089-de979541ea55", "id": "CVE-2017-7669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7669 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:44eccf00-abe3-5f52-ba3f-29ac9641f1f1", "id": "CVE-2018-11765", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11765 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88565c13-3d20-5dc8-a48f-b76e94959a09", "id": "CVE-2018-11766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11766 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf5ba16c-c77e-5473-8778-a43092da25ed", "id": "CVE-2018-11768", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11768 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:21440eb1-5a85-5102-8482-7f54db603c88", "id": "CVE-2018-1296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1296 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d28918de-6782-506f-8388-220a534719e1", "id": "CVE-2018-8009", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8009 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2facf46-e58d-535c-b332-bd733eae6336", "id": "CVE-2018-8029", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8029 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62fb2dcd-e95e-5609-9bfd-f9f720b53ba5", "id": "CVE-2020-9492", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9492 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab99b078-09e2-5596-a038-6564c3a48538", "id": "CVE-2021-25642", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-25642 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aae9ef80-a3dd-5ae4-aabb-472c22d6dac9", "id": "CVE-2021-33036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-33036 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2f1d877-101b-528d-a64f-540f1b42fe43", "id": "CVE-2021-37404", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37404 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23878f69-c687-5684-920c-22659d73cb6d", "id": "CVE-2022-25168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25168 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2df0ae82-acd9-5e7e-a165-2b3bcb7872f0", "id": "CVE-2022-26612", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-26612 affects version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c13b5d68-d42e-59ac-9f31-a41ba30b56a0", "id": "CVE-2024-23454", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23454 is fixed in version 2.7.3.tuxcare.1 of org.apache.hadoop:hadoop-kms." }, "affects": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.hadoop/hadoop-kms@2.7.3.tuxcare.1" } ] }