{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ca8189be-38e6-5065-98f1-3b4475d0e365", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-el-api", "version": "9.0.90-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7ac9b0b7-dbd4-55f4-b81a-ef9060356f5c", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a110c24f-6df3-5cdd-afa0-6b0516c1b6bc", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b863a459-9775-5e97-ac8b-a219bd29f057", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d51b9ee-4ba0-537a-a943-e189b487b841", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb6628b8-61fa-57a2-83d6-caa4855253d2", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8a68042-4c55-51d8-b357-b4b7ec01ed90", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a358559b-21ae-529c-8903-c531160a3f30", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eefafb4e-a830-5bfb-ae95-ff4af2408742", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:633fa45f-45f0-5fa3-b9e4-9020afa211eb", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dcf95a6e-59d4-5f13-b983-dcc4ad359363", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba1c35bc-8df5-5636-ac0a-cc0c81384cb4", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65e4ed3a-0750-56e2-a90d-2c76aa857908", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09fb84b1-fe2b-5df1-a786-37403e766d26", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d01755d-56c1-5fcc-a022-5ad4ed3bf197", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eea63e63-b282-57db-a6c8-40095c8a4982", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:425d8662-a6b8-5445-880b-e5c0e21a7ecb", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45db2c7b-cfd2-5e25-a24b-3c84656a1aa1", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19e4f791-3f30-5017-97fd-d63cef8b180c", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4d0773dd-d46d-5f74-ad92-35f5ff8208a8", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c628320a-0f8c-50b7-9627-82265cd43e6b", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:deb2fd9f-7cb0-58a9-8497-914712c5e2ec", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ca64fe5-60ac-559b-940d-01a28185210c", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ea04d11-c682-57c7-a2d8-ed4289cff4fe", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad1db655-ef2c-5c67-8ac2-23ca478c6b8b", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c11579c2-9b22-5de7-8c00-cd3e2e99eac1", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c766c81-e66b-52ff-aa95-4281c2a672a8", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d044816-07d8-5e48-a8a2-deb1a76efcb8", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4da7b7ea-057d-5a76-9127-b49468e588b2", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:210b575e-928e-5f95-be22-9d9aaf954187", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4181ee9-3ef2-5b7b-8c41-836c53e7c4f9", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae633c54-3d9c-51e3-b3e7-16accb82d66a", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a5fbe35-945c-5559-8582-b4972ebe82f0", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ff733fc-3404-56e4-b32a-7c1564a4fe9e", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:caa0c441-d8c5-51a6-b4e5-5c32d34f2fef", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:68e3536f-e3d5-569d-b2d9-5ebcb90398ff", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f29bd557-37eb-575f-887e-018239a3a7af", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fcd27f6-46fc-5c0d-9006-a68209b1bb6e", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58ce1be6-f856-566b-9847-d5414485d481", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:abc125ca-2026-5da9-9017-470eb604405e", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.90-tuxcare.2" } ] }