{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f4c7092d-be40-5d29-b702-d63fcde0ab79", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-catalina", "version": "9.0.46-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:877e847a-9c88-5d42-bce2-2996f6dfb8df", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e49adabf-1e46-57da-9e87-c35936785a94", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d6631b3-a07e-5bed-b81f-1d9c8b20e6e5", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e319d2ce-c8a8-5925-9942-2df9aba2b915", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9dccf07d-5b1e-53bb-8bcb-5dfdd808a812", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:feca0567-34d7-551a-86bd-c40218edefbc", "id": "CVE-2021-33037", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-33037 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f1de5e47-bd3b-5d6b-8c9c-d964e67ecd90", "id": "CVE-2021-42340", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-42340 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1fc50a06-f1f6-5f71-93ca-e812575b2bae", "id": "CVE-2021-43980", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43980 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cc7cd98d-e8d1-5757-8158-fa9264d49459", "id": "CVE-2022-23181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-23181 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20aed074-9d12-5cda-8d34-99a1e99c8791", "id": "CVE-2022-29885", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-29885 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a80459dd-8dda-59bf-84ca-346112c2f03f", "id": "CVE-2022-34305", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-34305 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:614a8880-b495-5050-a8a8-bd42d339de49", "id": "CVE-2022-42252", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-42252 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a3b3cb1-8abd-5239-879c-8db9071dba91", "id": "CVE-2022-45143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-45143 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7133ae6c-ccdf-5d2b-a9a4-52000707fde0", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3e0d15ab-2b33-5236-a26a-95b06ea10832", "id": "CVE-2023-28708", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-28708 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:57c8e37e-235b-52e0-a6f3-1a1cd6d1de48", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:90e5ba00-7bc0-5d66-9c12-2dadc6533484", "id": "CVE-2023-42795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-42795 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:33493883-56f6-5efc-8006-fb8b2ae49f19", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c0df2c46-3b20-5fc2-9f6a-d4c2219789c2", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:04dc9f2c-dd64-5926-acfe-d2a17843ce7c", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:665f4a67-331e-58da-859b-9f33081db656", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1a27c60f-4bd5-58c3-9620-4faf52424350", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fe39525b-82c8-5694-86c1-c20c4915dbee", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cfffad1f-7f48-5218-8f1b-d1aacce6c3d3", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e2574d4d-7a95-5c46-bb81-0b5f783faa2a", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7206994d-b8da-50ed-9cc4-c19a7bd65fa2", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:68508275-2504-58b3-8124-8db897fbdc02", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61952670-448d-5481-a9ed-56901e231855", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74550b21-486f-534c-888b-c6cda8e12109", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03e2ec39-b1f4-5c50-96e3-372492d9690d", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:30dedba0-9809-5aa1-bb5d-e0a121ec42b9", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fd50be49-d0b5-5260-a18e-f3ca5b561fd8", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d8a4ed2-e1b6-537e-a311-1550cae93f2d", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5b4799ef-936e-5730-b8ff-de78f648b7a9", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9f18e2f2-35b9-5230-a271-7fbbb144f839", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d744bac1-72f1-5949-9d14-84d06c1a4f81", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fe749c56-bf40-5dba-8135-84c916750328", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:efc536e2-d313-5a8d-8571-fed5c0c0fdbc", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:443dbcc1-1c78-55d7-bdd7-2c36008bb955", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fe501ad8-9360-5613-9af4-9d2a5506aa32", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0fd8b33b-cb4d-59ac-a576-fd06764c0f40", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8bfab7ef-e8ab-5aa4-9705-a4a3a9fa1251", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9193b05f-dbf4-5b9e-8feb-9af4e57cba44", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d41387fd-cec1-5d00-9277-baaba3d27546", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f1e3811d-7787-5858-b93f-f1ad30dae108", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6921a4e1-37a7-5452-90b9-7201a3421b4e", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e6333f58-1302-5724-8949-2f32272d95bf", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ec0565b6-1af6-5ddb-aefe-feec376b2bb1", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9cb86668-d90a-5bae-a5f3-95ebba50601f", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b552c57-a66a-5a35-b759-0a8981b4459b", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a1cbb606-a52f-5ebd-9167-60016d0b1a53", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.46-tuxcare.4" } ] }