{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e731b21a-b643-5d6a-959b-760455befd37", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-jaspic-api", "version": "9.0.90-tuxcare.6", "purl": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cade0839-367c-5f21-a531-bb7b55529043", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3cfe666c-9637-5ef5-a29b-c4512e5308d3", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1f8066bf-1232-5aa7-bdf4-f6940acb7edd", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:40e29858-abdf-5df1-8c94-2877fad12860", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fa29bc64-449e-5c30-b992-1c5e40583029", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1e0f786c-b37d-5964-b218-42ef26dd42b9", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:83268627-6747-538d-8d96-6d2ced02e1f5", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:28b07a71-8a05-50ee-a01e-1f240d064f53", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:109151d8-ad0f-505c-b1f1-1a3d5e98c97f", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ad7b5e0c-3e4d-5541-ad7d-b6925fa55288", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f0e7ff8b-bdf6-58ab-b6a3-dd6a14d9440e", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4cba8f6c-8c04-593a-a999-c5354877b350", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e6a381f0-f90d-5c46-adf0-86e115d50113", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e0f1b900-46db-5a9b-8337-ad7b209ad347", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:faf546c2-a119-5cf4-be1a-9300d65fd158", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:96c7ff4e-e095-5eae-b6b8-2f7ea1575341", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6657e013-6964-50eb-a738-3b9b26ee8a2d", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:35f39179-f4b9-56fd-8ef8-65605b2e8ee1", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:edeaabe3-fb2f-52bb-95c2-b4bee4b61ded", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3be5624d-0af0-5c1a-813b-96914912ecb7", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:61ca13bb-3276-5c49-98aa-6de2f90fa1dd", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1a54aa6a-6334-5325-9e0b-d1911837164d", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:22f56418-074a-5c26-baa9-49782d64975e", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:09a6e74e-33e4-5f68-923c-2a52b3b7f9e3", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9fbcb092-8023-5fe7-a76e-2fbca49528f3", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7d80decc-90f9-5658-bb96-92e0f76dbc0a", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:36badcdd-53b8-5e16-84ce-305ce2f86819", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9cf086a9-2c98-5f1b-ad97-d77c7521dcc0", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9fe24af8-0128-5c21-bf06-fe73ef05786b", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f3979100-4649-50d3-9b77-acc4195371b7", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d56ceb05-f3d1-5a32-bf43-08455e88a0ad", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8810fe48-9d7d-5cb1-a756-37fc787c27a6", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:20694821-8f48-5cd1-a3d1-0e8b9874de19", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b5255b37-1275-5b2d-babd-4385fe6f6d74", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:65af289a-1f06-560f-a4c7-554d0f45b7cc", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c8d1fee7-a3a7-57ca-b67a-4d9a521793e0", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:db131a86-6235-592c-8b04-9531e7fb5f63", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e35690a2-e45f-5cc4-954f-3f8869b56a0e", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5d72e2ef-c7d6-536c-bf3e-d4ade755681e", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-jaspic-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.90-tuxcare.6" } ] }