{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cfc2f48d-6081-50bc-b9e2-88cddc5ef1e1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-api", "version": "10.1.42-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8cd19f19-034f-5a00-b745-4e69e7b52ee3", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8411ae34-b886-58ba-863d-d5aa56a7d246", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ee69d9a-7e01-59f7-a77a-fbee293f9ec3", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48a54187-64cf-54e7-9c72-1b1c4b5c0db2", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9deb1ff-2b6b-5c4d-8b82-c62701609199", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f6a44a0-49e5-5b87-b179-844e666ec525", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c37e3e04-971c-5684-9d5b-e6a8bafc29f6", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e87c86e6-4007-50b3-97b2-2ce173c89619", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8fa680a8-2e1a-59d3-8d2d-faba8a7c6047", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4575f60b-39ac-503b-9ccf-1ddd4c55ea78", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e96db76c-aac8-50d5-9621-e61b4f386131", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ebb611ae-b876-539e-bf81-a3a359757482", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b740333-4403-539f-bea3-7051e38f8b62", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cccc885-4c5f-5ebb-b9c5-85aadf7972a6", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aaa6df28-c76e-554d-8e35-15ade531b602", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce3fbffd-d22c-5252-b64d-9fdcf3934040", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:33cebe64-f296-5367-9541-3bf005396f9b", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8645ad9d-71b0-562a-92c0-43413de50e7a", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a74cdbd8-4a5c-53a6-b2f6-909a1d89e92a", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5435ec7d-7937-54fe-8cec-5ccec25e917b", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1835ca14-b823-5f7f-b705-fb3e44e8769e", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1f38aae-6f1e-5a80-8c3f-0fd258921c03", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@10.1.42-tuxcare.2" } ] }