{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d964f44e-71b4-5654-8c97-f5ca9a2fd409", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-catalina", "version": "9.0.90-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2d3d45b0-ce37-5d6a-907c-b8a899a14240", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:47f54077-a26d-538f-b3c3-d866d2eee812", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a7da426d-366a-5b80-84f9-c18d5189a906", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dba9e52f-067b-5f58-9478-9b9b852914cb", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ae87753-4e97-5a2d-8b8f-1203f328c773", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e4057396-4480-5ad2-8c05-0bc728a82a1c", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:42bfe45b-af0f-58d1-b70d-e0a2ef129871", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ceb24c22-1a5e-563b-bf6f-f5bf9df225b4", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d577edc7-2a08-528e-a6ad-91972316bff8", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ad25cdc0-d9de-5fd9-b6b2-5749896dd470", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:330f973a-1e52-5e7f-8155-e10768c9dc05", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:af6987f9-0910-5545-a75a-54053ed6e8c1", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25646b33-5777-5f73-907c-630fac2db1b0", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74cac3d3-2f3e-533c-ab56-4f4acd0740cf", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7ae8e95f-3955-5236-9f53-ffd373e9a50e", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:913b0e3a-1693-5a2b-8f6d-9ee562ef4603", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b1bac771-89bb-50d3-82fb-5632f8ad89c6", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f0c7c78b-ac8e-5934-9155-4b4fd94445f6", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7470c636-1972-5c41-9aad-bb40a387f34c", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9ac58c31-7455-51f3-b7ba-505e8f32184f", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:85e9fde8-727e-5399-b347-6dcebac35017", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df54edbb-5a79-5224-8a01-21cb8acf1258", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b97e0e67-cc53-50d9-a54f-3401d985e44c", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4b25fcb3-dbb7-5c71-b34d-e3c1bf226c4c", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3afa176a-45c2-55e0-9d29-2f7a0a53222f", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dff84686-1402-5264-ab59-4d44277395ef", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:73827fac-b5a7-5bae-ad8e-3173bb1ba1db", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a3eecee2-3ca1-50d1-b4c6-80977e5dfd42", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a773493-20fa-5ca5-8c32-c74a9035305a", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bc817b14-8903-5c7f-bfe3-272088172d0e", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:08a76cad-fde7-5f72-b4f1-ba00899db53d", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:47890f2b-e937-55ea-9033-27199a1d0299", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bbda12da-8618-53bf-aadb-bde4f2015936", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:545b9358-12c5-5852-a39f-9511db658cf7", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:da849b18-b653-5ada-b57d-72d51c263647", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:35f9dc1b-2263-5309-9fdf-a6eea55998b2", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c1ae55c8-0838-591b-89f6-8bdbeca7c6fa", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6378f6f2-29a6-52fc-be0f-e8fbd61864be", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4d2a9e0-41a5-5171-a669-27d1f6badc54", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.90-tuxcare.4" } ] }