{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ddc3fd77-51e5-51b9-99fa-aa0ce517115c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-i18n-es", "version": "10.1.42-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:58429ec9-d272-5421-85aa-ba1b3f74cd4d", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d2c5d9f-0d94-5fdd-baa7-e2c19ec0fd00", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd5609d5-f2c9-5c0f-9a2e-148eac807e03", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9aaa1fea-7ba4-5c74-9608-daa2dc9ed6f7", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b488a996-4210-53ad-af66-f0682be7051b", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46598c38-dd13-50a5-87f8-92f7276125e5", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64d344e7-bf19-5ba4-97b6-70b7add4c088", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c67e6fa-864d-5f57-babc-6b0396faf7bf", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4c8716e-d04a-5701-9785-f030280ab6ec", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76b4258c-a577-59ee-84a5-46dcf8f8af6f", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bff88ede-8b8b-5154-a26f-0238f7968400", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3d1b4e1-ee0b-546a-974e-5a871e87e3c4", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3556d25a-a5d7-51d2-bdfc-2e7e3c51736c", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:74b4079f-a765-5e38-9b1e-329c0211422c", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a20cc37-2e15-5eb6-81bc-d3138cd8f218", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21458062-426c-58e3-a6fc-ad7503163514", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4f87b22-add3-530f-87d8-0c35e6d8a6fd", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15d92bcf-ea92-52e3-a9f7-fc0e0a48c713", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:542f8b6d-a29d-5e15-be88-f26012f25f3a", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e0dd544-368c-5a52-90ed-e3883f1e1541", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4687e39-452a-5be7-8797-aa76c70b7e64", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98504015-52b9-59dc-b940-71adfd993c8f", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.2" } ] }