{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5a81ac2b-da56-5106-bc72-e0e8004acb87", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-api", "version": "9.0.90-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2ca38385-7a0a-5a21-b988-5c56d598dc40", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92f74c54-899d-522e-b031-15a332c77557", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f6e7c07-b67b-5e5b-abbe-6402ce700ad1", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2617e794-51b1-53e1-a0b7-c403024ab1fc", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c19c33b-6dac-524f-aa59-6a3cb23cbe0b", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf41fa22-6691-5e47-8119-b45413a90baf", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f988152-bd26-5b39-86b5-c72f568eb197", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da74f2b2-4573-5e06-8b0d-dbb87f497c73", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0ccff57f-89da-531d-9a0b-5cb382164e69", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28d618d1-f134-5c72-8b42-17b57137d501", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:159f5864-1e50-5b79-94fb-8caf7f8305fe", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dbe602da-f185-5b9a-951d-63f5d7f93041", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fdff9f2-978f-54b8-a0da-cf0192245af8", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:538debab-6d16-5b1b-924e-e8dfcab8d7cc", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26afc134-0db8-5f81-9395-f2c5abc6c83f", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e22dbbbc-494b-58dd-9c32-f95fde2b6596", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a3c6856-1117-531b-a306-419f612167da", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37d25815-adb0-5c7b-8e8b-cbe33751585f", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38f05598-cd67-5fbd-85fa-8ea0a4223816", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1326e0f-0e77-5bbc-80bc-99399fb9574a", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f10db46e-d043-565f-ac14-8a1f503e50d4", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f92140a-6495-5db1-80f7-c75b14ad2fa1", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49b7dc9d-6675-5430-9d57-53564ed4bfc7", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b836e711-5a78-5e29-92f2-37f7ba04030a", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7da4c94f-d9ce-560e-bc0a-6a0df5b798ce", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4325d42-8b3f-5ab5-bc7a-4e1ffae6708c", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6861aad9-a06b-5817-b3b0-e7ffe61eaea1", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:107f2f4c-d0ad-500c-8d4f-ad65996b9981", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ad1b8e2-6cec-54ad-bcde-c88b40c26c47", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:525684a2-f643-50ee-8abc-5585d479e3bb", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9db86b8a-5013-5b9c-b755-6bae475d30f4", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c652b04-e004-57c2-82c9-54f34da3935c", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90452ab8-5cec-565d-8e7a-9bb541729d69", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2cb718eb-04b5-558d-93ae-932bfa496681", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ddc921e6-dd17-54da-8f97-18324d775db1", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:210ac754-df12-52aa-a97a-189061b581bb", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:648dff7b-01ae-5dd5-8815-a7d83dac496a", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20fa3750-74a5-5695-a91c-2cd1e4d4713e", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85cd1b8f-9820-5ccd-9d01-548e1e87f7ba", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@9.0.90-tuxcare.2" } ] }