{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:14d3828d-17c6-5fc4-8cf1-2c72e5fbe835", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-dbcp", "version": "9.0.90-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c192a59a-e171-5c0c-a021-909001ea37ae", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1279675f-9b3d-549a-b5e6-bd982ffa8978", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:920bf9a4-28a4-5696-ba7e-e02c90267493", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:911fb92f-170e-5f6f-8175-11208b2493eb", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9a0bfccf-cd5b-5674-9309-64f03e831621", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f0214475-c525-5441-9004-f66122fcdc8d", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:05ad66bb-3a4e-5f6c-8474-2a74fd4f891b", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:49675a38-7daa-5a88-8ebb-60ef7121923a", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a19e3c41-4784-54f3-a41f-2cf594eaa64a", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:629a2933-2ad8-59d5-a419-d12cef4146a7", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:262ba94f-fcf1-50a4-9d7b-e570dbee8030", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8bcd2900-09b9-5391-b106-5ffd9a1b702c", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2fe4f1c6-c055-5259-a0ba-884062891a01", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:83c18d3e-546b-5290-befd-74ff462273d5", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:31602a8d-2c14-54a2-9668-7ded42a08e3f", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5997716c-9a55-56b0-968b-122954b63128", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6847a524-011d-596e-8519-9bfa0bd363e7", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b4f9227e-9cdd-55ec-813e-e7bcf65aeb5d", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:451e3cc6-e7df-5da2-9799-c6887e4d4ad5", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3a9a3d79-d538-5830-9d91-863f2398da28", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d9ea1f49-1d4a-52f0-ac8e-06a369e50270", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbdfd5aa-0baa-5a6b-b39d-7e8dc4ff1521", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:05abe924-7717-5a73-bdb1-0d0e9d99e66c", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3eb13785-2595-5cb8-b5fd-672cfb676de1", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a88cd3f8-3ba1-5aa0-8e4e-f95c5da57ac0", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b8a5e9a7-aa18-5fe6-a63a-ddf241a6c98e", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8ba95a5-f132-51d3-9a2b-55d3d6a1492a", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:004c5fa6-a04f-51e9-84fc-c71a2d4367ec", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1b0e59eb-6575-5c6d-8d70-858d0905bea5", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:70b893ea-6549-5f25-ac85-93c1bc0d64dc", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:01ec8ff1-87fe-5e63-a18f-89d52df9bf84", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:da601210-eef9-5a40-9962-16a9d843de4c", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4c9b6401-021c-50f2-9b4a-0313478767f4", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a926bbcd-82f4-5af7-90e2-c419378c0c7c", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:85ad019e-b25f-546b-b4e5-df6d2d629d04", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:06c3b485-79a7-5cf7-a44c-74ce5da6696c", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b97aaa59-3341-53a7-9e16-b78251104541", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c7efc585-33e6-5eb0-bd73-78698ed02890", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:72e2476b-8daf-5f64-a1e7-8b9bfde6c59a", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@9.0.90-tuxcare.4" } ] }