{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:14ce85c0-42ad-58b8-9028-9b085819d328", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-catalina-ant", "version": "10.1.42-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d50a5e8f-0ec9-5ed0-8654-735a96c2c33b", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5868ac19-76cd-5bb4-9f43-81c3f02b47aa", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e83992fe-2b49-5856-af28-8245e665a871", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58750f33-f685-5e01-bf78-5f8f122cc89d", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e695240-7b09-5135-a071-d8a656177e15", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16ad349f-91e4-52d3-a7e6-5804ac984d99", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29a8bee4-af80-594b-8286-af9f3ee02d11", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d97820a4-f210-5623-b70a-7fe009c22ac6", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:865e0ac3-b4b3-5b9e-b149-20a8ef6eb33a", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46d2cdcf-724f-5726-a7dd-dc88d9e3ad18", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1ace3a8-ece9-5040-afd7-e574e63e62db", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a8a4d51-8986-569c-84a6-298abba7dd67", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47ae263a-832b-53a6-b7e0-7bffa1f2d990", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09957949-000c-555f-9bc1-64a0c7b9bd66", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db0ac43f-2e3a-50b0-8de7-0da7412dba26", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:873746ab-7bf4-5c08-8bf2-a6b00906b778", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a2d93ad-a0e6-5542-bdb9-e2e131918b78", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8697505b-79bc-551d-bbc1-27639dff72f2", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:144c89f4-66a4-523e-acf9-8f3955cfc663", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f6d5d35-d017-55a1-85fc-193100717374", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae29c7cc-4726-5f9b-8fd8-f9b937ee547c", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69129002-dd9a-56e2-9dd6-0fd07d594271", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.1" } ] }