{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:dcb10e8f-8bf1-54ae-929f-e3bfb5aa7eee", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4", "type": "library", "group": "org.apache.tomcat.embed", "name": "tomcat-embed-jasper", "version": "9.0.90-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:87b8e401-78ef-5d4c-a299-85a3befa2cc3", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:923ea8bd-f9e3-5589-8e77-f75e544e8d46", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7c09e5e7-8ffa-52cb-afeb-7ada2b438253", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b209bb1d-47a9-5232-897f-f4de50abb869", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6bb539ef-a3aa-5636-9f95-f31c54605ceb", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:14d9cce0-c53d-5d2f-b1bc-fab4810eeb76", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a1a924c9-8dd9-5a68-8cea-1c83afe15a54", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d855f458-aea6-5fa3-831a-25c01eedce43", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1e69c22-9880-58a8-b9c1-775a9f910bb1", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff2155ff-1614-5e86-a4b0-48b36c588927", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:91e87b82-6aee-5688-a4ad-254ea2e2c29d", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bf66d899-846c-5c4a-b7ec-8d7387e6a0ac", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c42d8045-39fc-54c6-a1a5-ef30b2984c82", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:753183ff-adda-52a7-91d0-dbe9a5352454", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:843a35fd-b0da-5e4f-bad0-a4c16911a168", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3bde517-61cb-59ce-9a91-a18abd135652", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:34d92fa8-617a-53f8-a443-5173bb5b3a88", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8a081801-4efc-58e3-a9d5-414944131168", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78c6ffe9-9ffe-5e61-96c8-3900ce9f622c", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1a2aad90-1d23-5b20-8718-cf2fd161ccd1", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:395ec418-46e9-5dc9-b201-8d0ed466b013", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3a53f2f3-8827-5a21-91d0-1636b3fb694c", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:09bf9b6d-0a47-5aaa-a554-cbc4c6a15641", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:49b46bab-044c-5763-bcd4-7ec854f592ef", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd52a336-6eb9-5db8-84a1-862b60dba99a", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7cb780d9-f7e6-57de-bbef-339eae8d99f6", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fe0c5a4b-46ca-5375-ace2-94b2e52b50c2", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8f155cb6-e905-5780-b33f-fe4e84ef0ee6", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:917bc326-2db5-5bcd-8b11-e74458b15d17", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6fc3d7a9-cc60-565d-8ce5-e8a1bd5bc6b8", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6e0243a5-0da4-565e-89db-12ae053c7321", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:50528706-c8f3-5c96-b47b-ac6fee6c9b86", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d59a3e84-9386-58d3-bc28-403427ec58db", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de9d815e-3e3a-5afc-b27a-2a744ec81f00", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8745c89e-8f34-57c2-84d0-52cff27d8677", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9196cb68-1a44-5072-803e-f85f76d672c3", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:17086ae8-8c32-5037-91de-c9108faf144d", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fe49f513-7e8a-5bb3-b7d1-e30cd4c4d22a", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:687ae4a0-6ddd-5528-be20-ccf45143e3be", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.4 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@9.0.90-tuxcare.4" } ] }