{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bb7ae6d5-2d4a-5f4d-adf8-8094b07355f0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-jasper", "version": "9.0.90-tuxcare.6", "purl": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2cd34165-9367-58bc-833e-88311ea5acff", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a98f1e27-fc12-54c1-947d-22b514853f8f", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d4ac5aaf-ed05-5b74-9101-1edfe493762a", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8a3a8436-84ce-50bc-bdef-fa799370d71c", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:19e0b592-bbc2-5f09-9519-69ffbadb2bac", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b8b3a6f5-a2fa-5179-b394-537daae14995", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4c5557e0-2703-583d-8614-c1958317f75d", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:02be53e0-e928-56fd-b67c-dc6b33566411", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:07c1c3cc-3318-5032-ab24-2d7e1389105d", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3c83732e-b611-5017-8f22-0b7e6b1d3201", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c7c56a97-871e-5730-80e7-1b7c1eb36f2b", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b08774c3-bde5-5abc-b377-711be1d24b87", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4599de87-3e7e-5448-b942-4ad5199ba1ab", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:38edcc33-0222-5313-8f8a-11c93e244fd6", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:32a066de-4cad-5ead-9575-7f565099e3a9", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e6fd3ee8-3094-5ab0-b528-4e39c4c6b364", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d699a0c5-4148-51ed-87de-b4ff84c536bd", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:761ed443-f0fe-5c77-a793-fd479936b8a6", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8182c118-16c6-557f-88fd-e104f9d118a3", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2a11a02b-e2e9-5cd2-a942-a6e9735fa35f", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4804c94b-98c6-5464-a733-72239d5ac95f", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a608e10e-b8e9-52ed-8426-c7fb42aff251", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:596541d1-71a5-583a-9a49-6c2cf4a0fa5a", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:603942a4-29de-55e4-9096-468e2e0992ff", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:84177ef6-c0c9-55f8-9ff8-2d186aa807e9", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fc946353-ce29-586c-807a-fafe2e21beee", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f60524f4-e8d0-5834-a7ee-852b9b5cdc4d", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6d55c365-d116-5a7e-90a4-fe9562b26d4b", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:48067cb7-8797-54e8-9961-d0cf49acaad9", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:902c5e27-0da2-592c-89b7-3c57253c51fc", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8d05a66c-2c14-50c5-bf88-fd630616aad9", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e1447954-05c8-5355-8cfa-e9fdb709e241", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f38c5730-18bc-5961-8c6e-fa98db18b6cb", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:73cd2e90-16b1-55f7-b464-a83af4a8ca36", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:899ac705-a3b8-59d5-8cd0-3627344ebbc4", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d60134e5-ff5d-5d4e-9e83-fc814b26d659", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ef27c660-dafa-54e6-b0ef-5d8f9436da0d", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:099f8a07-1cad-5356-9fc0-52902da78466", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f4792d83-ba13-53ad-8715-15a118436673", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.90-tuxcare.6" } ] }