{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5b0dd447-cf4a-5e3c-adf1-2a6296a23afb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-util", "version": "9.0.46-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9bbf32a4-8ee3-5d06-9162-beab99a3556b", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:255fed25-d111-52e4-ae55-9243a793e215", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:55cff735-00e6-5f17-be1b-4be20b0c7a40", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6c8088a8-5f3a-5a96-b6b5-b440538d41be", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:43e69b0c-b790-5241-9082-a5f74c1e7d15", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:621a7432-3f5b-5751-9975-62d70b0d1ddd", "id": "CVE-2021-33037", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-33037 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ac731419-48d1-5598-9af2-d8e79e0d15dd", "id": "CVE-2021-42340", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-42340 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6daf3826-5b24-5c91-a882-bb8cf68341b8", "id": "CVE-2021-43980", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43980 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c3fc7bc9-13a1-52b0-8d4c-f1536e49b2fb", "id": "CVE-2022-23181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-23181 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4bf2022b-3bed-5423-9ea4-8c0c604cd622", "id": "CVE-2022-29885", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-29885 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74fbdeef-ef27-54f7-9595-9b6a8ca49aeb", "id": "CVE-2022-34305", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-34305 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39145271-111e-5ea6-b5a3-7eb43ff83a1c", "id": "CVE-2022-42252", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-42252 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4accaaaa-7366-5d41-89ee-8cc7368ba42d", "id": "CVE-2022-45143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-45143 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0b8d7a15-ff1c-5662-894a-1e1b2ebcc2da", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:87824d01-0d41-572b-a5a7-ce5f7415d1d6", "id": "CVE-2023-28708", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-28708 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:06cf47e1-b711-5835-ba2a-8c0110a774fb", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:95d38a64-3c79-5ffa-92ae-85f951e64248", "id": "CVE-2023-42795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-42795 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0517ce2f-536a-5e47-b4df-56535693fc54", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f2d2ae78-58f3-50f3-b8e3-46af6c98403c", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e26f0072-09a4-533c-83e3-238c040e91b7", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e4fa048-2605-53cd-949c-74116cb96533", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dbe54407-7944-5c12-a3b0-e5e6998a024e", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:19dbc2ce-3d62-57a4-994d-f4f570416230", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0bf79013-a3b4-5e43-b4bc-3535ca7ec545", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a1cf6396-0855-5315-9096-3a114923c35c", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1cdffcc7-30e1-5631-adb6-eeb6032b5fb0", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1fca8f71-b32d-50af-98fd-6a1049c5693e", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c3d32c91-e26a-539f-b253-618e020d60db", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:73fd8552-2e38-56e0-a097-ac054eb3105f", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ca5e8feb-26e2-5d4c-b35f-a0d46ff8f4e6", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b37799e1-cbbb-55d2-bdb2-891c3a3fdc7a", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7168bce3-01e0-5c3d-9ca2-4b1a3f889551", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:292e7253-a7ec-5bd8-8aed-778481f45e0b", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a1a5e48e-a7d3-59e6-9a83-238ef5bf7e08", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65accfd6-d4a2-5268-9b52-f6e0f0cc41e1", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7ebeeb75-5c37-5c32-87ae-71afc60debd1", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a3d9b3ea-4576-5aca-8ed6-f8f5f39a564d", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2945bfb2-62ce-5a11-b83b-e06f1d2ee676", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f59cfb5-eee6-5631-b0af-9bc2b14e1db4", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c5ebf32b-d611-5e0d-89ff-dda3ddd83537", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b259521c-f2a0-5dfb-8e64-6d2794985179", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16b17b32-9230-54a0-9482-b85985441bf1", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ab0387a7-e553-5886-a5ca-a012655d2d82", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c0510d57-f0f3-5925-bc36-ebf54b33d844", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:466b7b1e-4186-530b-8197-bf450e625570", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae2e86d8-56e3-50cf-bdd0-5b9db2e7c6c3", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6cfce945-7615-52ba-8fe9-15d2b4df10e9", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:37b519aa-c4ab-5c9b-ae7d-6a2086537e25", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1dabc175-ad24-5fc5-b58a-611e3174a308", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d145b985-21a7-56f0-b96b-d2d6b65d6bd5", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aef57d6a-9149-56fe-a5f3-8054ad437810", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.46-tuxcare.4" } ] }