{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:21902a83-335a-5458-98b2-ae7ea5469cc3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1", "type": "library", "group": "org.apache.tomcat.embed", "name": "tomcat-embed-el", "version": "10.1.42-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f0686121-f056-58bc-9fc9-28f8872f5c0d", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ee0d809-db3e-5f46-a377-be3c13e94a9a", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4aa1d6ef-d40e-5cb2-acee-1722cc22455f", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db753647-0434-5f0e-828d-9bf1f009661b", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68e843eb-4bb6-54c7-9608-722456656982", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c427e8fa-d877-5afd-81cc-f4e96e0fb179", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:345384b8-d946-58d4-8044-5f5524ea7234", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:953f1ef0-99f9-5fff-bf00-a8396e118da8", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70f8f0e9-2887-5914-9ee8-7d235850ce3d", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c50c80fc-3d5a-594d-a3c3-72e82a90d940", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6cad1dbb-d99d-5eb5-b2f5-49a8267b69e8", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:edcf4081-dae4-5aaf-bf4d-1763b6cde10e", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ebdf2a6e-b4bb-524a-a991-c07fe9e5766c", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46c574af-3146-5c47-b4b3-d936b187774a", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d92cb78a-efdc-5e0b-aa8a-395385d6a4f8", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f78333a1-0895-5dbe-9d17-a720010bda8a", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c98185f-814a-56ee-8b7d-5d90f7e8fa71", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56e2852e-e608-5a3b-8845-dbaf10625b59", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a785ae04-ae1a-5667-bf3f-07abeac7d1e0", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5cdd13f3-4a8e-518d-8526-4c050db3d2ff", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0a2dc70-8d5c-5875-a837-0bf4c02527b3", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca33b1d7-d150-5768-9d2e-cb26c37700de", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.1" } ] }