{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4654e7da-9ecc-506e-aa30-69a992361e1b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-util", "version": "9.0.90-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3e552c43-4346-5d90-8184-1fa0b2fa099f", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a706ee5-5b1b-51c5-9bce-a69c1f1c629b", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19dbe080-39c3-5816-ab3b-88837fc44e1d", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3445ade-b674-5bce-bd38-a36abdd3f93a", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10a238f0-8482-5958-b228-830222b6273d", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:577ea0e9-ae4c-5037-81d9-2a8430f168c8", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22b836fd-95d4-539b-88fc-f22fced2e01f", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23259735-30a7-571e-933f-de00d2b6929d", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8571824b-9fee-53a8-98ec-f5e43a7bde13", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22e1fca9-5f32-59b0-9f9c-57f7c47ca5fd", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fae4e1e9-cd05-5505-90e5-f05a3262a954", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcfdbe18-6b36-56cf-9e2a-1b47ed306b49", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9029732-a5d9-58be-90cf-9ec3155b9819", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77c25367-6adf-57e5-aeb2-1ad9974c836c", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2ba4f1a-0614-58c2-a780-ed2d54c23887", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2126693c-8215-56af-8bde-67ac65005dd1", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:438b5934-38a9-5ae0-90dc-3fe485a76ea8", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cdb3813f-c557-50e2-9a42-1fdb8a10e435", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e50e4a1f-2fd1-58ea-bb82-19d858415b17", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c84b7a22-c259-5ef8-8a74-c3a061de0982", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d08f9859-18a0-56ff-917e-a1ddec08b537", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7364fdd7-fe81-586f-b3bd-33f4576d952d", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21661fc9-c002-5a36-8ffc-49037fea4ce4", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b858c0d-7950-5ee8-b103-a6adc5f69474", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f7eb2a7-592f-5645-981b-39931e62a0f2", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f54737d2-b6a9-5117-9846-1b6cc0c64d29", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0aff4795-d93a-54e1-904c-d509a96858cb", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91b085dd-1263-5d01-b9e8-244d605b0068", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24078ec7-e6b7-549b-b0e9-e4add6daf23f", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:993865aa-da3b-56b5-a549-313b6cf15eb8", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ad8625e-4b13-5525-b990-3e86bba9e95c", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ee93c1f-775f-59b0-8ed8-b2689e207f5b", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0d7d225-23a2-5a95-8468-eac626c9f955", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9f631ee-82b2-5227-8b79-57eaf7ebfbf0", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f2728cd-9f7b-5900-9a77-7e07ca6e07ac", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85dc5820-11a4-5824-91fb-098c39ac6a64", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3d667eb-7e9b-59f2-9ec0-6f7d357a4628", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0598e2f-6481-59a3-aac3-29bd40be17d2", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:107e6a88-0cfc-538e-a5ee-323eb3b93b73", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.2 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@9.0.90-tuxcare.2" } ] }