{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:951bea7b-d950-5af6-94d4-31ecfadeead3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-jdbc", "version": "9.0.90-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cf59ae28-54a1-51ef-9e3c-ad0344b34b35", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d377d6d-becb-523a-a287-5d2c16a535ed", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6227cee1-7a34-59c6-80b7-be1bfc1912f3", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8cc3160d-ef71-542f-b660-f34a58432bc8", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f04c4339-2080-5316-b79b-9b0bac224d59", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31423985-31b4-5bbf-b214-7509723e32c1", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8cb25ac1-a614-52de-94e6-5d8294ab8c96", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8d51f881-3575-58bb-b1b0-f93a19e235eb", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eda66b0e-a986-57f0-bb91-e4f08a87b9d5", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:791ebb68-dc65-5cb2-a314-0024c681d39c", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e8d6ede8-b21c-5869-bf1c-06cdb3bd070a", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7090c8a-69eb-5e75-9656-5ee5ba8cf4cb", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b7683427-c65d-552c-a2fa-e932713c60bf", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79abd56d-a210-51c9-818b-a77f12a72a4e", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28303b50-89a8-599f-8070-e43d96fb0afc", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f09839f3-6b8d-5e8b-bdbd-7de8288c14b1", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:855680e7-95c3-5c91-be7c-ee6422ca2cbf", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4583caab-e690-5975-8c79-2298a75add78", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec110473-b4a9-593e-9ee9-4eb26601bd7b", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cbbb6580-4763-542f-8217-13cb4b1b68c2", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fb470942-459e-5a93-8e77-3808b16a6015", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17c541bf-6d1d-5b7a-b8d5-7c1f616f2c07", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a5aa608-ed9c-5cd5-9b13-e8ced6512633", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3aab0a9-6d0a-5178-9947-443125eb9a55", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:93f03b48-1c93-5a5f-9c07-82a794251043", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2af85cc5-c6e6-5138-9099-de843dbb8977", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e4bd1304-f857-5f4e-950b-d804758900c1", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:617f2c83-a7a0-57b1-85c5-cc980bc9bef1", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f47d24cd-dc93-5e89-afdb-06e69af35e08", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7256535-502c-5def-bdfd-6613def9beba", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ea0fa10-7b5c-51e7-b4d9-c236f4e60896", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:511ab253-71df-5be7-bb11-18dd3af8d685", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:276b6800-c6b3-5c9a-93ce-47f6240c7157", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38cf28de-476c-5f36-a524-200c682a3459", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f3453480-d8b0-5a8b-bce5-550aaa1cfca5", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7aa784fb-bfbf-5a38-b694-c4d494bbbc48", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0152b65d-a25b-5071-9805-2c77734d9a6f", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be1b42cc-3df7-5a16-bec6-3c72eb58ff42", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d14be2a-a71c-5c18-a50a-73472bc9dcc8", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jdbc." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.90-tuxcare.3" } ] }