{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a9330195-f31d-5b38-94b4-11318b4fb95b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-catalina-ant", "version": "10.1.42-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:54bce266-8a0e-5fa1-a325-b5467f61f05a", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3939e00c-1fa9-57fb-9c4d-d5c8170dc560", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb27528c-4ba5-5f5e-b7cd-6f459353bfe9", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb6074e6-842b-5dbe-9df8-338b4de2f470", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:999320df-af3b-59b9-a937-a5a551a0d67e", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e73e67f-ce58-5f3d-a7de-18a022496b39", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f50474f-6122-5010-bcc9-d76838198781", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b3fce9b-ddea-53b6-9091-12995eecf769", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19e46a4c-1116-53d7-845a-4bcd2a61a547", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8bef700-0f91-5526-9a3f-45064b1d5861", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:411801b6-81a2-55e0-b43e-2a041b0f0bf0", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:018acfbb-fd04-5fb8-a567-648e9e0cddeb", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a08e11c7-7755-5edf-9b1e-09c81c6243d5", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c1a68a7-f6d8-5958-aea4-60089c759c8f", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4cb7051d-80a8-581c-8a71-bb81c97091c0", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:948f56f5-47f0-5ef2-8ec4-a262a8529e41", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:950fdf0a-9e02-5595-a0e5-e1e470a42ad3", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88be2ab6-95d6-59fd-9f8f-eca98733edf2", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be7cf936-2d6d-5953-93d7-a62c9a2de8d5", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ce0ea2b-d70c-5d2e-a54b-cc098c1e034b", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aeeee70d-074c-5591-8f31-36d735d1dd33", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc1fe04a-235f-5eca-82e8-19fffc2a2ff8", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-catalina-ant." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ant@10.1.42-tuxcare.2" } ] }