{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:aa533083-c634-5aef-8e58-12a1a78b0c7a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-api", "version": "9.0.46-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2fec0965-31c3-5b2a-81d9-859223944aca", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ebdfee8-12c8-55f3-9e14-e8a081d627a5", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7c8f1133-e099-51bb-8d86-e18db779585a", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:329a9d38-73d4-5df9-ba99-09627c97fda0", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d22aabaf-63c2-501c-85b4-1580a8ce80ff", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6227c6ce-c0dd-5032-a01b-4664a9fcacc0", "id": "CVE-2021-33037", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-33037 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:37b818cb-29e1-5f5c-a2dd-c1d905a030fd", "id": "CVE-2021-42340", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-42340 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5bb5983-d63d-589e-ac94-aec9ce3117ae", "id": "CVE-2021-43980", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43980 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dd84833e-a79f-5208-9da9-531696cbd845", "id": "CVE-2022-23181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-23181 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bc3b8e14-5426-5310-8767-cd596d216555", "id": "CVE-2022-29885", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-29885 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:89bbb008-c3c4-5cba-b7b7-14f97ffc8e50", "id": "CVE-2022-34305", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-34305 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eede0f08-317f-5fd3-9e98-960ad52b6759", "id": "CVE-2022-42252", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-42252 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:321a2fa5-998e-5347-97cd-199099740454", "id": "CVE-2022-45143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-45143 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26bc67ab-b424-58e1-99c9-e8753108a07e", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:936a460b-be41-52de-ad4e-fc766526e613", "id": "CVE-2023-28708", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-28708 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aa7cb1d3-80be-50df-b4df-1f7fba5cbf32", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:759b8c73-75b7-5dd7-bfe1-749dcc571316", "id": "CVE-2023-42795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-42795 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fc0928c0-f42f-5ee1-99aa-464cb2361256", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0dac9874-139d-5181-be79-2197d7a49cc5", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8f078066-78ea-5c79-b01e-70c8b5d161d6", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7707c4f7-f432-53f1-8e6b-2327158c3d0c", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:72cd48dc-1ca2-5e22-94e4-d012961bdb33", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69f9d853-0d35-59be-923d-eef048fe1ca7", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d095c9f8-020f-57ca-82e2-4eb50fe7a7dc", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7696be0b-cf38-5a35-b4d2-d4532c5dcc11", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2722587c-da07-5649-9b92-2e20ed9343d5", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d9f8e38c-54c5-529f-aeab-26a12418952d", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:33203232-53e6-5243-983e-b4b15db385cc", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd5dc276-cfbf-5cea-9351-578aa84622e3", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5ec952b-00ff-54bf-8462-d63e272e8b93", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a08189a8-37ce-5029-8c91-676471ca750f", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1e144986-b857-5f2f-8d74-315524cbb213", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8c07aee-8fd5-541f-9db7-cc5774d1409f", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9f8f6ff7-852b-5fb9-b796-7a957d304b60", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:935a597a-f0dd-546b-9872-1a31c35f129d", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c0a57673-3201-5dd0-a16b-19ed8e71213d", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:786bd8bd-f481-54a7-8bb0-b3c198c91527", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8498224-0ad9-5363-ac33-9a82a2668c28", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:770dd349-1e13-50cf-9649-dd1a07e664d6", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5dba94ed-99be-5187-972b-1069cbcb1cad", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:56aad2a3-c1b0-50b3-bae0-f988f52e5460", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:58cc6e76-1bff-5b5b-a788-4eb60ce8e9dc", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:baaeec39-df2a-50da-8905-4597fafd0a56", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1d6b6672-9d4e-56f7-b73e-ce162174ef1d", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aef17fb2-33ae-5039-98ea-cccda53de80b", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:71a2986c-cb42-548e-b0ae-f1a1976d9304", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a43d1873-b2de-52c7-a034-a04058ce9e26", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a218700b-4f99-561a-bf42-2e011f0aeeb3", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9ef934c-2691-581b-ba54-92f688ea2c22", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bfff9ac0-b64a-5c9a-bfdf-62dfdc3b96f1", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6ea05295-86f2-5837-b5e8-1414742b8dff", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.46-tuxcare.4" } ] }