{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b54db329-04db-5289-9faf-fbe0b244b90e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-util", "version": "9.0.46-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:79552ea2-5cea-5509-8126-3abcf5736608", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2ead916-748f-5bf7-a8aa-943c75d84878", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34c81c87-27e4-5ae3-95d6-be81879bef61", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28ec2418-8fb8-566a-80f3-49100eb59d21", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26a49dc6-2fdf-53e0-bae7-baa99e2a50e3", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:775b24d0-2307-55f8-89e1-272ed57a3437", "id": "CVE-2021-33037", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-33037 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:074c7e40-af15-57a2-8464-0bbac13aecd5", "id": "CVE-2021-42340", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-42340 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d09df138-246c-5971-adf0-43c6e85ea7bc", "id": "CVE-2021-43980", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43980 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:764ed497-b179-5582-860f-fa8ddeb021b7", "id": "CVE-2022-23181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-23181 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d73ba73-0190-546b-bb04-bbf7758aa349", "id": "CVE-2022-29885", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-29885 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25e84801-ad41-5b23-9b84-b8069c3d3f38", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:166f8aa9-1040-524b-a42a-2412f1a34f57", "id": "CVE-2022-42252", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-42252 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:33120167-2f65-5a77-97e4-00d1ab739e1e", "id": "CVE-2022-45143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-45143 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7756ebe5-cc9e-5c6c-b007-9b277ab10622", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca010736-dd34-5dfe-9049-776021d51290", "id": "CVE-2023-28708", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-28708 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dee9b31f-4cc8-5847-b0ef-6f3b513bf7ca", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70b657d2-f5b8-58e4-bb27-ff31948c46ac", "id": "CVE-2023-42795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-42795 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25aa6625-5765-5013-8c19-5b4e12b2a872", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8763a3ed-2fbc-5b6f-999f-65d2fd813ab4", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1cd5b023-cb75-57f1-bbb7-2da6184df9e2", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ca27d9c-a7c4-59ba-8272-f4605f2c5201", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fdcc507-f564-55ae-a0d9-9af885f52c37", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f37f4ae4-aebe-5370-8efd-3f0c17590d10", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:114d7a19-3140-5ad3-9f49-86ba7b05b151", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ed08f507-69d8-58e8-92dd-a704be05f1ab", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd2f5521-6b9a-578d-8e17-c40341fc26f8", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8dce6cef-3521-5d05-a93b-f10b117c8839", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45672c45-2fcf-5d74-b4e1-ab73a7de52ba", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3bf0446-de96-55de-9496-a91cbc4b94e8", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:74362e43-8809-577f-86c4-da7040bc78df", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d471da81-e8bf-59d2-89cd-eb6db4ea7353", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6626c87-2815-5163-b7f0-12e6fa4b4e2e", "id": "CVE-2025-46701", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46701 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:571d521e-e511-50ae-8611-a7b5356fbb03", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfc12f39-80e9-5ddf-b888-4e7352c93d90", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38e269dd-0ed0-58f8-bce1-e1454e46b733", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f75daee-3ff5-5982-88ae-57cf80bd4a39", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5554c715-4c81-546f-8ea5-6c5e77fae313", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:216f4c59-6c55-5518-87ef-d3e7e76a245b", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f041f22a-caaa-58ac-850c-44f8f25903dd", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:943267a8-37c9-5be9-b3bc-a7feb791b190", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bef8322b-9dd3-51e8-8bee-167efac7c445", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec7eae2f-07ee-5f30-86c9-bf85e946d4a8", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23e2940e-0e51-59cd-9fd9-d6a8464baec7", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31dba675-d2b3-572c-8bce-cfa4acc84023", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ba0c488-bc46-56a5-9b39-017f7481693c", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9fbe001d-cc59-5813-a4db-91c302f02d0a", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b347260-6ba3-5152-b530-0147b53ee45e", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a57b0d19-ba95-530d-b17c-556768558bc3", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:646f1fc8-5563-5f9d-be89-11750f1e3a2e", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91473ac0-07f2-5d1c-aa56-8092dcb27f1e", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2754227-0885-5748-ab8a-7340276e9106", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.2" } ] }