{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b352aa69-7250-538d-9750-7ae73d7c9397", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-tribes", "version": "9.0.90-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:40a1d3f9-059b-598c-9553-105c96684330", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7adfd1d-299b-5fa0-886d-26c10c8a88ca", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9a37053-7016-5504-bde8-17ce14db232a", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03af2395-f4a7-5967-a177-226249f51a7d", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3bfc5551-800c-5b0c-b688-142fd89734ae", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e67c0cf9-46f1-5416-9258-8f928e276ff1", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8048b617-e372-571c-a821-30193276e92f", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b554e55b-e25c-5264-9e00-8750bc35c849", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31efcf1d-da63-560f-b066-103383c13961", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c39fc000-6e8d-53e8-a741-481bcbd9777b", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46ead30e-cec3-515c-adc1-b8aef32b8141", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62e067a9-2e4e-52aa-abef-938153fd774e", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:774271ec-aac8-5f11-aaba-0558d77b79c1", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e300930e-b345-58a6-9b2a-8b4dcca5a68a", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3dea94a2-c023-5f95-9d75-2e4fae74b90b", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fede40a5-e3fd-5bdc-8475-5e81e76163c8", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56e43f7a-43f7-5b8b-9fa8-3f336aaa2492", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c981409d-1cf8-54ca-97a8-07b12a11917d", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d369459c-2a0e-59fa-88d9-49f40534b6a0", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eff5234b-6a33-5a5a-b2e3-08029b2625fa", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3deded9-6889-579a-b434-1135401979ef", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c14f7b78-e474-5881-a8c9-96ddb8621918", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72a3a828-39e0-523b-a3e1-a77879f33a03", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:602f9eb7-5d75-5911-ad6c-710cb0cd888e", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e021bd0-d0ae-5b63-b0d7-36c8a7e798c5", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f6940a0-16df-5f16-904f-e40db55ef751", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81fc1591-52cf-539d-95df-9e482f241510", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7fcccde-309e-5eb3-8d87-aff5cc4c1514", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc143acd-46d7-567c-86f6-891aee9a8e3f", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12a75185-b1b3-5d4a-b070-12f0e6d65de2", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e202494c-fb1f-531f-9d3f-fc808d1d909c", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c8f3aaf-c284-5a1a-b43b-78541f8790eb", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dad011e0-767b-50db-8d6b-edd1cda1161d", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27bd32f5-1c5b-572f-b155-a33de664f715", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:277f3926-fff7-5510-9be1-502bc0cdaaee", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85252bfe-ec28-5a34-a069-e25378afc9ff", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88aac303-bc0d-5867-831d-c30e7720c62c", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:07ef6f35-f16f-5824-b9a5-1132f0050de2", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13339ff7-e743-5ffe-946d-33fc6c9d6e14", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.2" } ] }