{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2d1056f3-14b0-59cc-ae86-bc202ef3dc9c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-annotations-api", "version": "10.1.42-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:75e890d5-cba7-5bb5-9291-da592907ce3c", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc57d26b-4a13-5882-9910-59f303e8584e", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f50f91a9-6a31-5282-909c-c160d1d65614", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d1d3033-1f4b-5868-a20d-5a086e40d724", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e8e4449-63ec-5ae0-a4fd-52b75471d33e", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa56a637-7d3e-5356-b192-ed4a20a6ef34", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f7123ee-93d2-58f6-8dfd-edd2b0d7cf73", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:601c5f97-951b-5002-aa1e-351bc813b5a0", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:413811ba-98a4-5203-8e6b-9e4f099f2a64", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7fe9062-0aea-5ca0-9d57-d83ad2ce6701", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4bc8046b-e885-50d9-9bb2-228753e3c8df", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb972cb3-806f-5308-a6a9-cac3a4fe3a1f", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83511513-6807-5615-9ec0-5e399fc46704", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2a6869f-e342-5ef2-bcd9-72eae5ecb394", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:196f514d-182f-506f-9b4f-c3a4f792834e", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99a75d89-4af7-5817-8d48-af50a6ee3f79", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2798550-b39f-5bdd-9852-84fdb914d11b", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de097766-3269-5bfc-bd0f-39b91f6555de", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e11fa91c-17d1-5fa5-bb63-046cb8eafacb", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:569ac41e-58f9-56b6-9de2-04eb8d54897e", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67414e88-641a-53c1-bcf6-865b0b26d2d1", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18b77d43-846d-579a-b290-01b5e398194b", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.42-tuxcare.1" } ] }