{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:db156e24-d072-539a-83a6-446b5d30452e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-dbcp", "version": "9.0.90-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c8bcd93e-2e9e-52b6-ad6b-00cf2cd8a457", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51728ccd-3676-5010-ad92-2b837318bb95", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a0bdffe0-4bb6-5499-bdd3-f85a64e1c986", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:44764338-97b6-5418-93d1-c8d43eeeac38", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d043afa7-6309-58f3-a590-f4875bee123e", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8783389-6f88-5b0c-9310-6b2afa604e86", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:db8a759f-3ec5-5ccc-82bc-8e17eba97a6f", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb77a974-238a-5681-bc2e-1180c2b246ab", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1098d587-426a-520a-a3a3-b838d2e7b55c", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6654af62-a12c-51f3-89a0-63f796ab6b40", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:947eccf3-e1e4-5e31-8e84-da4b01252c88", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:661c7385-3c77-5b8e-9a97-5fd63527760c", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:726b2b0d-9b07-57c4-b81c-be2951edbf7c", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7252a487-5ab3-54ef-963a-8901ad92d427", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:34b53a58-1df6-5ad4-91af-ac321be3ca80", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:390258c2-7306-5344-83aa-9f2edaf1fdbd", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef9efa3f-0ac3-5676-be6a-22c5b3f21302", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95fa7e54-98de-5d85-aa44-3074d5a2d322", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ef8fe00-e032-5123-9710-624e4483661b", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c8dc1201-7146-5a5d-a73b-bddaa40d5651", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89c5d7a3-d767-505c-befb-58d6df7fdffc", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4188201e-2c27-521e-8a6e-117e578f38a7", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fed567db-fcec-59b8-b8b2-6b95045677d0", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7635a4b-eaa4-529e-8a0c-4a0efb4b3d24", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9967e63e-8ca4-5cfe-be17-77e3fb4a1c49", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a3bd8ba-5c49-58bd-8908-62b92eb2479d", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7acd277e-ab5e-54cb-b37b-22234fe742fa", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15051f47-2950-5e40-a010-53540255c092", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8a0ca05-c11d-566c-95b2-729bc3c3ffdd", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3122cf81-6e9b-507d-8b60-00f78f874555", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c911afd5-03a4-51b0-b9e3-fa4dd8334d77", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:24a30d6b-4c09-5459-869b-aaa7cbd81c08", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3187ab1f-82a0-534c-be1b-c9f1c65d7de3", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17145fbf-47c7-5eb1-9994-c9f7571512b5", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4241ac4-6847-5d22-b92b-38578fae87d6", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fbaf666a-72d0-529b-84ee-2958723f32c5", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06ecc756-ad19-5801-91df-8c63e6045719", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:84af4c53-ee0d-5216-8aae-6b801bef7b41", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f5fff7f-73b3-52c3-88ce-76b606fa34ca", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.3" } ] }