{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:76c9a2e3-53db-57aa-a4e1-3a0b45cb8e0f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-catalina", "version": "9.0.100-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:51e468bb-1f7e-5e6a-b758-eb09ab996f74", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7d50b71-51da-543d-a236-d39a8a3efc2c", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:63faf75d-79c8-5017-86e5-d247afabd8c6", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ad4322e-7392-5995-9ecc-f304d8e59d9e", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28d8b7ce-bc98-57bc-9a04-048689c6c5f4", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f2ae2db8-4dbf-5b24-8cd9-9c094b6e9257", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7dbf774b-4bb3-5098-9bf3-ac609a952ca8", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af80b2c5-f0b1-5194-9e47-a4fabb2249c4", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ede693a7-e7a9-5fb9-bea9-e2b3af4f0e62", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:11769d3a-020f-5efd-85dc-c9b218ab7bef", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dd70554f-25be-556a-b439-8a849ba1dcd0", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17695216-a748-5890-92a4-5ac50b936019", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1281c21c-9fdd-58d4-bf36-eea6275119a7", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:60ce8a7c-c465-59e2-86ed-6ec33bfb6eaf", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ab3fea0-4f19-5c3b-bf05-8a8cdb75bd14", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:30c072ea-1412-5038-b2fe-2fc75a7474f4", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e94473b7-c0f8-56f6-ada9-585012dcf511", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:811a71ec-d306-58be-85e9-7ae8df55af6b", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:54cee053-6941-5394-8b4b-8c755df6fe26", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5fa5d7fa-bdcb-56ee-aebd-7b3d3c9fad92", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0302113f-932d-5251-ba8d-ec359298af5c", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a530468a-90bc-5876-b015-3fb00ac851dc", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:060e1c35-8fa8-5fc4-a1ee-c976fb9cc866", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8bfaf442-104a-52c5-b52c-b03222956c20", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:60da493e-ad9d-5d0e-906c-ee789674bca6", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0f2b62e1-d0c4-558e-9ef3-c97b264551c7", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:01d348a7-3297-5aa3-ab05-e9dac3543413", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b1cef0e4-1998-5b02-9bab-07fab55cfde3", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f07eb6d-a3a5-58fd-a833-97d0085452b0", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be2d45d3-44c2-5bb8-a12b-ced342f06dfa", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c2b9b50-4be8-50a4-9afd-7b8eb0e670ab", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e33c779e-c21e-5759-8bd8-48168418254d", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c305d89b-ad60-588c-9e68-6c7c1c223bb4", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:690f9ab1-dcb7-5400-9e7e-57a8cc8b2e25", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:531fd2f1-c72b-5f36-a939-f892bc894bfa", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7e35bf87-8efd-52e6-8202-72f29f8fd44f", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 9.0.100-tuxcare.3 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.100-tuxcare.3" } ] }