{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a1f48946-da43-5028-b1ff-99c2988cba48", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-jni", "version": "9.0.90-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c7bbea93-b080-5ad7-b684-92490ce28967", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a5c7214e-840f-5e4f-b574-b17e9f64684e", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d00aacfb-a82d-5336-8770-f94fa47c4a30", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1bddddad-36f8-537b-9e2f-031ea4919894", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d06654a-5fc3-59f8-a4bd-b83ff2f4dca6", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:977bc871-452b-5fd3-9423-2b042f24e2ba", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8dc684c5-f57e-57df-aa64-25b35e932a79", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb6d7126-6d4e-510b-9d39-10a691b527f7", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:633c258a-f83e-5917-a293-bbb3d269d272", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1cb05f7-19d4-5788-8fa4-303a464c7f86", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d5fdef48-daa3-519f-a488-0f65f4fb61af", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ecf1339-d624-5962-91e8-18e295cae251", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca710d97-dd26-550d-83d6-50008e6b9c14", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ccc1688e-e567-5ecb-9006-b16a4ceff75a", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89e22196-1a5e-5f48-8ed8-cd2984a28e5e", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab1e3f85-8c4a-537d-871b-f6b12a2e771a", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:53400946-af8c-50ac-984f-f294c13702f8", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f0d3096-caa0-5cce-b9c8-d378a238ef5a", "id": "CVE-2025-46701", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46701 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4106c110-a471-5c31-b57f-83b4ae69dd84", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f2d94b3-2a6f-546d-87e7-7969ef304f07", "id": "CVE-2025-48989", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48989 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65b0e042-10a4-5f93-acae-a610bcc62760", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad5d3f60-d027-5dcd-9072-1081a4707ee5", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:698adb52-5242-57db-b4e4-ba80684fab8e", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed81bb6e-5659-5bd0-8d59-303cc5d42cd1", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b492bb81-a1b1-5618-88db-12912d3c64e6", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb084913-7fa4-5a1c-9bfd-cc07d7324864", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07cb8bd7-e3b5-556d-9a23-6a520326b901", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49c69b02-c3e4-53a4-a6f4-4c63bf4ca1ed", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1cc4e701-c2b3-532f-b9e9-6245e4e3f46a", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18c7b577-e7ef-5ba6-9a64-4084f82e82ed", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1758e88-8f4a-504d-9fea-41ffc04a6aa8", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c816f26d-a3f6-5ad5-9f2c-2d9cd47048f7", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05eae08c-f2e0-5589-990c-9356b8ed7b2b", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:481aa209-e8a6-5e8e-adc7-ffd89497ac96", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a288efc-38be-5967-a66c-a6dfef542669", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2f283c6-8733-55b2-9c27-ae8a5aea1400", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c647f3f0-cf1a-5eb8-b039-d67bedd8d81a", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:daff8649-9ab6-5f13-9c3e-8e199f868351", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4aebf607-1301-56b8-964e-39f8e19b59df", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.1 of org.apache.tomcat:tomcat-jni." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jni@9.0.90-tuxcare.1" } ] }