{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e49329dc-531b-5d2c-bc4c-aeb20eed5476", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1", "type": "library", "group": "org.apache.tomcat.experimental", "name": "tomcat-embed-programmatic", "version": "10.1.42-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:aa9c3dbd-bc92-51a7-8dc7-8998cf498704", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd567533-e54f-5225-9ba9-4ffe5fa6fbf5", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01fa3460-b900-506b-8590-63f30bcbf2ec", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fddb8068-212b-525d-8ef7-e2c27ddedc18", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:849c5e69-953c-5654-8174-439033324df9", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b344e5f-1be9-59ca-9624-c8a061687cef", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47e361f8-a5b8-5d0d-9af1-fca99682cb45", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01b55ab7-de82-57fa-b63b-fb894afac981", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdd6c809-dd55-5704-b4e5-fced7b2dadf1", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:443b0591-6e3e-509d-8069-12624dba8e95", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b30cefb-9460-55f7-a69c-110ae213b4e8", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f68c7dec-92e4-5227-ae36-60cb86a2d550", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e30f3c5-2ba8-5e54-a40b-9579acb775b4", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f7c7287-3b8a-5998-8cec-06f719ff0bf6", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af3218b4-9340-55e7-9b3d-5c85f2a2527a", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:327e1a46-3e32-5474-ba42-4350e938bcc3", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0903f92e-f1b8-53eb-a2fd-1b843b50dac1", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b83d1282-13bb-5cdb-b4bf-ce2379268f6c", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f5b276c-19e6-51ca-ac16-88c71ded5b6c", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:030f8405-ba1a-5eeb-951d-e493967dcc1a", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5652079-b454-5709-8c18-df5f6ffa4d13", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdb64935-d1fe-5606-8195-6a04295395d5", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.1 of org.apache.tomcat.experimental:tomcat-embed-programmatic." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat.experimental/tomcat-embed-programmatic@10.1.42-tuxcare.1" } ] }