{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1fea8959-b34f-54f7-bc9a-8d445437a586", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-servlet-api", "version": "9.0.90-tuxcare.6", "purl": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1557abd1-8765-5608-8e93-0008ed0d5f7a", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:65ba9069-a759-5969-a0c7-3726eebf81b2", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9bfc36fa-2ad2-5bfe-bfc7-bcc12a290644", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3f5e00c7-bfa7-52e2-a5e6-13e943526a20", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a7e1bb66-1bd2-50f7-93d4-4c76e9da542e", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9340afe8-6a3d-5926-96c0-943d1ae82d3a", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:caa28503-f18e-5ec7-8106-4b1c3244d86a", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:29675557-201b-58b1-910b-0bcd1d252e05", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:971b803a-65b8-5c9c-9a38-9f8771f94db3", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:74aa39ef-eb48-51da-bd49-f22ef13065b3", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:96202724-4e99-5fdf-b28d-46eba0c95220", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8916f8d8-b2b7-5026-8955-574d97dc71ce", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b0f83d26-e1c5-55a6-93c6-6b013c6bc42a", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d2a6547e-d342-5f3f-a902-8e49efcdd394", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a7d044ae-9956-5d71-a1a9-00d4d114bc6e", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ee759adf-1ffe-56ff-848d-447eab598818", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7fceaa5b-e00c-5e1a-9f05-1207c91e25c2", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d4909154-fb05-5995-b2d8-b63b738bd557", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2e329eae-0cf9-5ea9-9fe3-fcaff1f13e6d", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cf066e51-a458-5d22-b131-f41a96a37aac", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8d4b9969-6c2c-5bee-b63a-1308ccabcf2c", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d4ecde47-0ee7-5eb0-915c-529774a6413a", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:08afb15d-a303-5a28-8d5a-952467f4ad99", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:502a0e94-f0e6-54e6-bf17-cd526b8a8954", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ca146950-4710-5f68-8135-f0269efece4f", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4fa013df-e9ea-57f4-9d42-e9c928f9303e", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9fa7784a-9db8-5026-ab35-c4b671eff30f", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:39089884-4db9-5859-95e2-497eae9bf25c", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bd7ccc6a-87be-5aa1-baad-6c8c3a3aac86", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e39f319d-f588-5a02-b6fc-819251c3ca73", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c89a30c1-5f5d-5bb8-a1bc-712e1cbea300", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bb1745ba-5d98-5649-bfd1-538e2e1082fb", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:708ab41d-f1e5-5bfd-ab8c-8017772bfc3d", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6dd3d6d2-0483-5572-a4e6-a01eae93e992", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e8c7ea0f-643d-53ac-a718-bb343639aed8", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:089ade36-36ac-5777-9dfc-180e8e9895bc", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1fbb8b84-1b4b-5183-a786-8f3844709bbb", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f4bfb8a4-4640-5fb8-967b-50f6b755d121", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:97641fca-267a-51aa-a5e9-d563a3993f92", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat-servlet-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.90-tuxcare.6" } ] }