{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5c08902a-b8df-5e83-9747-f485e1c2a4d5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-util", "version": "9.0.87-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b82574b7-1353-5339-b0b2-324efb7c6129", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b3f84cc-15e9-51f2-9f56-90160a97ac0d", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f89a8f16-5ed0-5820-acdb-6aa3ce961497", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5adbc26f-3958-5647-952f-bca1aafe22dd", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b18f7438-57ea-5921-b4fb-25549e743e1e", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7199ac45-b550-5d3f-bbd0-b312afb8b139", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af6a5f7a-8ab3-5d28-8d6e-d5858b1315d9", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e047af37-d0b3-5c6d-a8f1-4a391c650419", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63cbb3de-4e4a-57b3-b658-a63552d626e8", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ac9830a4-355e-55c6-a02f-d8caaa7d41fb", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7bded5b-7190-5e62-b6c5-5b32828956e6", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d131f36-6fda-5f84-88a6-174ec6547836", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b26afab1-c9f8-5afb-b1a8-f407e7524d19", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd3effb9-4101-595e-af94-c1d57949d71a", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d020e0d1-2354-5942-94db-28ecb9e67765", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:addca51c-170a-59ed-b58a-93eb3e156c69", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b937ec07-1ff4-50c4-aa0a-bc7f1a5ee030", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:78348e39-606c-5fdf-8866-0d9ace55d17c", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f224782-e2b3-537c-b1c3-fbc77fd7b64a", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:835e9f53-867b-537e-a438-11e5414034e0", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb43f8dd-98f4-5db6-8d33-f81e1edcfacb", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cacf0345-87f4-5183-895f-660c283ea2f4", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9dcae5c-dc1f-55b9-a386-80c4b88b1203", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65736262-2db7-54eb-bad1-2892ef294418", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f18816c3-30b3-5864-8614-23998b413f30", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f4b2886-e564-536b-9721-714672c4e7d8", "id": "CVE-2025-52520", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52520 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b6f1aa3-5087-5233-9cc1-443868da2231", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9747e510-9d9b-53ef-98c0-6e3741056f03", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c55b754-9940-5b21-984e-5bf2502ef531", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0042ca97-e1f0-5789-8069-fabe9bd40f5b", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a4e1e5a-3578-52b3-b6f7-b8bdf1228737", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c61830b6-4771-5a9d-ab0a-500fbfddc69f", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8bae6e8-af9f-5f0b-b76a-3fe5f091e89b", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8796454-86a6-553a-92d1-64b5bfd71604", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aae0e7bb-a6fa-55a3-b234-d9c3a1bb8cfb", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e199804e-9c61-5422-b6d8-2bfac2334d49", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfab6037-c4eb-55d9-9234-222a6c233433", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0be1065-aefe-5e7e-b828-2805188f5f59", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ec90557-d39e-504f-86de-5fd23ab68e88", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7bc2b53-3e16-51e6-9a58-d4a3724b3d5e", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d1dff86-2799-5db1-9a51-acccaa2d1987", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.87-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.87-tuxcare.2" } ] }