{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:70cc4108-7ac2-5956-9e10-2eff42a3cf1f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-catalina", "version": "9.0.46-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d608ced7-8a24-5111-894d-d49aa0d759dc", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4dca8c4-ba62-5dd2-85f6-73489cf785b7", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09bb6d62-7ba5-54f2-b1ac-fe9a43dc928f", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9efe96f5-e070-5c8d-aa5a-6e63f4b8105c", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18e44485-7dc1-50f4-bd10-8dfe5a830d39", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf144334-cc4d-50d7-b14a-86597904978e", "id": "CVE-2021-33037", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-33037 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a06b05e-8181-5a60-a126-b873ac2a5312", "id": "CVE-2021-42340", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-42340 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ebd0d21-157c-5854-a798-e4c95ebf67af", "id": "CVE-2021-43980", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43980 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad8f14b9-8dd4-503f-9ecd-4ccabf4d00f6", "id": "CVE-2022-23181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-23181 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dcb127c2-4a6c-5569-a371-3337592c5869", "id": "CVE-2022-29885", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-29885 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73d74d5b-603b-56bf-9693-89db379fd6eb", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:330210fa-0a48-55c3-98c1-40ca7861fd83", "id": "CVE-2022-42252", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-42252 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f266a35e-0fc6-5dfe-99fe-80cb8f762932", "id": "CVE-2022-45143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-45143 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72aef7ea-46e9-5843-9721-44d8c56fd223", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79aa48f9-ea90-5d0c-8ef8-a217a2db6004", "id": "CVE-2023-28708", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-28708 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acef0610-c126-5e3c-9e6a-eb2a94b05b0a", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3757c27-1ca9-5ac2-a4a0-fd0eeadea5f7", "id": "CVE-2023-42795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-42795 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d7f2f37-426b-50f6-bdd0-bc5b00269daf", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9cd34c0f-4cb8-54d9-9106-fd46fae69ebe", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c032e91-0037-59af-8cea-124b4cf5345a", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67f7a9bd-041d-55f4-885e-a11d7a18b65a", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:283b7b75-ca54-5138-8bdc-564dd1a1c054", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e7e1791-72ba-57e6-b428-2887299c9cd6", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e807e80a-ba78-554a-82db-e036a71ed09a", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cffb93d5-436d-5fda-8564-5b6c910c1b59", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6f2c168-5a56-5495-8cc3-40e5f1986e2a", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d6720d7-72e8-5f5e-90bb-ab186ae70d75", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37490329-aa14-5a0c-b321-94a9722ad6a9", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3bc723bb-fd30-50fa-aabe-51b8fea7741d", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3fb69ad0-c5f5-5ac7-8840-26118cc7516b", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17d4bab4-0d35-59a0-af9e-77d8153ea358", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:957325a0-a534-51db-b210-789b233d159b", "id": "CVE-2025-46701", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46701 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab7aecd9-87ab-53aa-be6d-27ef8a9d8f9d", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3902aab-841b-56aa-bf14-db749f2c2079", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70dfe5e8-aeda-514f-bda3-49fb0bda4557", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b5eb115-faab-52d9-9a1c-8803be453c95", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75cba03f-10b2-5cf2-b612-efd058e6e48e", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15eccbc5-1bc6-5dea-8c03-7fa71abf74bc", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d5ce78d-d43f-5a48-8aa0-68017d942125", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18f824fa-1c69-509e-b5f5-e4687957c05b", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a2fbb5e-7f56-519b-9a16-c4378f0254fa", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f177a42-f5d3-5aba-8838-5dfdf2a3314b", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6cce0337-f4c7-56f0-82ae-c6eb09a10fc9", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d359dd96-4e6b-5df0-8c8d-4e7910a5f432", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28705a2f-a47f-526a-9ff4-18f3625c13ff", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a28b230-b40e-57ce-a2d4-0bff43f466f7", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14a13948-53fa-501f-87cd-7a813c1a671a", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e23cd546-8eb0-51e8-9849-ac5e7eb6ca9d", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fcf13c27-9780-5a8c-b499-8195d4059941", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:463fc410-9b02-5522-90ed-7b72781f6f89", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3bbc4cd-338a-5c7f-a7b0-05929e080d32", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.2" } ] }