{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4f70d2c2-917a-58d2-bb6b-7c56b4ccf2cc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-juli", "version": "9.0.90-tuxcare.5", "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6de1a980-366a-5a1e-b3e6-f34a3a66853d", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:151ed9c8-f3b6-5cb5-ab2a-e6c4e7b17938", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1bf4852e-aa95-55b1-a1e8-cbd3393877f7", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:235a5e60-aca8-5200-9650-826e439567c4", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:afd21fc9-8125-5336-bbc7-fcb88b27e199", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2e3e9f2d-b426-56bf-af65-b4f5e7d8d45a", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1edaccff-e87f-5afb-bdb5-887cc30bbf4e", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e0878b70-51f7-5282-a652-c449d949f844", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:371b1596-5560-5b07-8b87-e318905ca9a1", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9f1a39b3-e555-5af1-9c1a-ef032985c690", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:be57eb06-7d54-5cf8-ad31-91ffe3449d67", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:42390d3e-c9ee-5120-89fc-6fd837c560ba", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ef0b6ee8-a24c-5246-a538-88f59bcc4a8c", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:56d7a4ce-36d5-5e19-99dd-5c7f455b94a4", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:21b7a72c-75e2-583d-bf17-e2261ddfed7b", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d791eb13-777f-524f-9879-21e48075851f", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8d0166de-9dc1-5880-b83f-228c4f9a18cb", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0b101a4b-38ed-5f56-ba6e-9472034240ba", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9fe99dd0-5efb-511e-858b-15f308876356", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:27fd91c6-c066-5fcf-8ba9-9cb8d26d98cf", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4a1f16bb-855e-5875-b489-0ce3b9b43870", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6d20af41-1dad-5266-b7b2-7d4b8457c273", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5f9974e9-762d-55aa-9ce4-01234d2c74f6", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3d056345-db23-55e7-b085-cdb31c3b274f", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:940e3540-67bb-5b87-85a8-d957f6f70ec5", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:62742520-74d2-5400-912b-4d4423992cea", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:03ecb9ed-956c-5c99-88ff-4dcc6cd554f1", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2bc9aa49-c044-56b0-ae8c-d7daf64c95c3", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:209f7635-fb01-53da-9648-ffceed7af00e", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:49ce92ef-2798-5f53-8ef1-8b9e0cad235f", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bce04be4-b1dc-5bef-9b4c-18c4b5548e09", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d88bc450-9d81-53aa-8a1e-5ade839a465b", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7259566e-797e-5899-bf76-fb4d85c5b6be", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:426a5aee-846e-5cb1-886b-58ce5e37357a", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:da017f6a-815b-5025-9a2c-786db02212d2", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:349b713b-314c-5fda-8b49-ccab9d640650", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cb21acc7-c849-5df1-a806-ecf07c8ec79e", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f8303048-a32a-566b-ab38-2beb9787b040", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:beea838c-1cad-5b12-ac21-d0fcd9de662a", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.5" } ] }