{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5c401015-9e91-5f9f-a5b9-be6079db9327", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-util-scan", "version": "10.1.42-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5541d7c1-446e-5809-8e7a-3920ac6d05a6", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39e6b163-9167-51d5-b3ed-722f71374b51", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a3d7921-9c94-5089-82de-9b72517ec80f", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48e30b8e-0e03-5db4-9070-66b5b232f797", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ffbf22e-a5a1-598c-83e1-2b973c0ab7b5", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6216d19-d681-5aec-8645-e8203e70ae53", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b012c5fd-507c-5c82-9f4b-5f9c2020c639", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39e3789a-192b-50d6-84e8-1ee24b743ac9", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0696dcd4-6191-5617-99ca-56ab7d5c7fea", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2592aae0-bcf1-57aa-bc88-c98efe949578", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51ddb7d2-f67d-5d35-89a2-6229bc7a896d", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d640269-c77d-5e97-b762-1cfd6751065b", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40035d0f-8acb-573c-bf1f-b086385861ff", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:35679ca0-7d19-527a-bfe6-bd323c2793cb", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59d97af0-2871-5d77-a159-2c100b7a530a", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b5d8a02-b6b7-598b-a58f-11a8483c767d", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da40193f-a19b-5484-aab8-190754e9cc8c", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de785d6e-8bfe-53ab-bd64-6eda4b7253fd", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d3364d1-cfa9-50de-8b4e-fa54005431b9", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8743845-363a-5ce2-a3e3-21d7f16ed242", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ad66641-d14e-55a2-9c1d-712642337a6c", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c528e53a-cdba-507f-816e-e96f08e235d1", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-util-scan." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.42-tuxcare.2" } ] }