{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3ef53f92-02ce-5aa5-999f-535e09d9a61e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-jsp-api", "version": "9.0.90-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1d8b8025-1404-5b36-bae5-28a066315ac7", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b20dfa4c-7e4f-505b-ac4b-7a333ee3827c", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:73a9b62d-b9e0-5d65-bd5d-2eaecef5bd27", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4180c72c-352e-5e7c-a763-abd1e2369448", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:feb32d4f-e624-593e-a4a2-dd0ca8868daa", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b8793f80-1214-5bb3-9c72-6a8fd7d48a6d", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dab70b27-398b-5367-9a72-ac896cd5465d", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:01fb050d-75db-5b3c-a971-5ff5d4e77ab0", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:146e19ab-e351-5a5a-86c1-cc0f8b868dda", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:305536ba-bd15-5a3d-af4d-0b7419adbbb7", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:87865c88-b653-53d4-ac66-b7d2d9d9d20f", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:27429a8c-be1a-5bd8-b2bc-ea28f4cd99f5", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e24e5393-6727-5fa9-904e-b8ae9eb4c78c", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa008aca-5342-5846-90b0-1f7daa5290a9", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2038108c-96a8-50b3-a08c-8335e1c2156c", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1146f90f-ffe0-5f69-8097-106ee2d6e808", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c32768c-4b5d-5365-9e82-2769cbc31042", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e444acff-69c2-5162-a38e-08762eaf8d7e", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9021f85-2035-5fd0-a563-affe328321bd", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31ed3d15-2908-50ad-99ff-93f40302ed80", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b203744b-4820-56c3-ba86-6c7e6a93d47d", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4125bc88-0750-5afa-af2b-82fbb0489641", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55c9b4f5-39d3-5ac9-b134-9b7f1b48f31b", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c280abb-250b-55d4-9a4c-bd7385795008", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c03c9b1-5538-5e82-b1a1-7deb112e4726", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ae21172-fbd5-5090-8778-41b9b2a7b59a", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae712b07-0a24-5eda-9673-ac7d5b3277b9", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a1a47afa-9ea8-5f74-8f38-8293eb96f301", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:94bd78ee-fa83-5d47-8f67-a5413e97b350", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b74b144-d127-530e-80eb-ef2d695fc7d4", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a087b3e6-2f74-5831-a521-91a0d94e1651", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53e35103-3eb2-5684-8ef1-e4aca27e52e3", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8dd7919-6f1a-513c-ba09-3ab2ff945396", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb9b6454-7a0c-5469-8f7a-b9c8534027d9", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f0098aa5-717b-5293-8c4e-952de93319b3", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9f1c10f3-5855-54a7-af8d-0c5df8416503", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc97e94d-9bdd-51a0-93ea-8251cb80e2d8", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ebc0c4c1-af92-517f-b626-2b847f00a0ff", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be52a98c-5e78-5094-922b-c97e6805e445", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.3" } ] }