{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9aca5842-71e5-500e-8490-036dcc1dc05d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-juli", "version": "9.0.90-tuxcare.6", "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e7fa7792-4dd1-5817-9312-7836c3d81624", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:44037236-c590-579b-acbd-be2daa108d01", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:24ba16c4-8948-5c59-bf5e-6e747b7bac8f", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:79e09aba-d022-5dc1-9127-0a3591e99263", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d2469c15-a314-5b34-abcc-5294c5a96e43", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0814d362-487f-58b6-9ed7-46025e081298", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b8c14a7e-7594-583d-915e-ced75701ecd9", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e971535f-e4b7-5a98-be2e-d84a2795a961", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b520bc43-2181-5cd7-98f0-eb6b9f7777b2", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a8003998-64d2-5a04-b91c-ae032341bee9", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:546cb86e-ae95-5047-b8fc-602130a2cb11", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:30758af8-fa49-5957-bd84-d6ef408e3ffa", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:42186d9e-ab57-5be2-9cf4-1df519328863", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f0935831-19f4-59e7-853b-677bee671fab", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0f96d3cd-eed3-5a0f-a1ba-9872c0fe5174", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b76b9e78-106f-516b-ac51-cee8f051549b", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fe01a343-c77f-519c-a3af-459cb6754336", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4dfefe85-efaf-553f-a012-c0f93d1c1593", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9c60252f-917b-5929-b15f-421057675980", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:60dfce46-d7b4-5706-8c35-5899c0bb546c", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:83fdf352-87a7-52bf-b0a5-be0ae04155c8", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:88de4f4a-4199-57dc-a10a-e14fbdc09ec7", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:177e2279-3550-5c3a-844d-e6417dc1fccc", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9ae48593-0c53-50e3-8317-6fdb11f9dbce", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a2295125-0d22-582f-a276-30402bcc2e08", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bc5b063d-11d6-5cd4-9ead-9124d28cfb11", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a85a3e4f-b2aa-58bf-9d78-9cf3ce71faa0", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:39e0f825-e59e-5c4b-a397-0da304d6922c", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b70fc151-77d2-5f72-9d95-6fb7d14f42b7", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:996fe685-387e-5571-b4e4-fa60fe575024", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:45a75895-d6c9-5319-b0d3-e7618d3e67e6", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:edf1502e-649c-53c3-91ae-eda4c6b2078a", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a77e7c8e-8b92-5e4f-8b98-8a7878c0a52f", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0721d032-fb5c-5991-8e5e-6861982e2122", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a84334b7-2d1b-54bd-bb75-59cb93994530", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0936a6d9-3f99-5429-ad2c-fc9f38a7eb25", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:af0b674b-27ff-5c03-a047-d2139bb546f3", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a0d5415c-3402-5e41-a183-a148093bee90", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:97064d56-3ca6-5b68-a002-a55d37773e67", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.6" } ] }