{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:58a709bd-6e36-5ee7-b423-c66269daeb7f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-tribes", "version": "10.1.42-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9592eb6a-9383-51c6-ac88-ed0572af4589", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec1e4073-bb59-5568-927a-7fa73868e322", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f4fcb81-6fae-560a-bd24-d6239ed67ef4", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c1210eb-ba6d-5e3a-8fab-d45b535e2f27", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4785ea06-dfdb-5ac9-829a-cee27b82e8f6", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23fd7b4e-eb95-5759-a30b-efa2c1f8ece9", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e99af3c2-9867-5bc8-88c6-c5d1685b5807", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a66c79b9-e8f6-565c-8d13-b1c3e6e2cc62", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:59962f56-1017-522d-9281-d9a455fd8bb4", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87fb4f50-2fc9-53fe-9dda-26fa6d175214", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4cf22151-d15b-5883-9867-3a1b1782e60f", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73f98fcf-f390-5405-b190-514b3724ee9d", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:10ad2244-60f7-51a8-9606-864c1ca7df54", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac86530e-9b72-5c55-8e1a-ebcc80a132d3", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a57382b4-bb5c-5a44-8641-5b6c69a62d4a", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87764995-400f-56bd-b7b2-6278effb3a70", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4dfa91ce-c56e-506b-97ec-4d46b42e4556", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:928f848e-ab50-5489-b7df-60831d8ee2a7", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7c09613-0375-56e0-86fe-50efcf335a7c", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d5c1f66-c54c-5970-8916-59cecbb8d79d", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85962e2e-84d1-5b8e-ba1a-b72f937a80c5", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9dbae2d-de37-5061-82ee-0108cfabb70d", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@10.1.42-tuxcare.1" } ] }