{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:370418ae-6a0e-5d16-996d-d1924b52cd71", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-util-scan", "version": "10.1.42-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fd11b7cc-1fea-519a-b14e-769b2ce71d98", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ed6a6dc-b80d-5301-9977-2f5b7e56ab5c", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be6f7e81-57ff-5c0f-abef-e6e57669a6e1", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc57a138-2a54-5ca9-83ca-3d5f1bc546d1", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b33f82a4-eb12-53ef-8caa-6c8d74797c04", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:edda4022-36c1-51e0-bddf-ee9a6288f384", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c72ad49c-f2c7-5fd1-a120-60d03d9755fc", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d647094-cb96-573c-88dd-7edb1209d06c", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b47ccd9d-b004-5503-bf7e-4ff804191eb7", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2688747a-bdc4-57a5-bbfd-da2fc9d0127d", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2168ac08-773e-550a-96e7-8fb0a8f20092", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14e6906a-ffdc-5968-aa26-29d886ca35e2", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e08c90bb-6399-5dfd-9f9c-96993012ddce", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0e0d81c-6c12-5427-9c62-d4d43025f859", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:971eebb4-b02b-587e-885a-a2eca4fdc173", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aad1193e-7b4a-553d-8693-779c51670cc3", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9563ad32-23a2-551c-b9e4-6438e5419273", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:134ee183-d916-54bd-843f-3bb2fa67e8f5", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6508225c-4a11-5b29-b6b8-6ea5970bb4d1", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a94ca38c-64cd-5011-a2b5-a47b235e8ed2", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac63cac7-f2d3-5929-b7ed-535926c2e71a", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0002924-a8c1-5741-bf64-4670505632f1", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.1" } ] }