{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:66799466-97a1-5656-8744-3126bdb57616", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-websocket-api", "version": "9.0.87-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e251232c-b9d6-52b8-a0cf-080190039f42", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0aed93a0-d102-536d-9675-e1a85b9d62f4", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:874ea884-7747-56da-b1a4-6a2d117aa71f", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67d0ad9a-437a-5a37-980d-91f4ec67942b", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e2bd76c-8770-5760-97e7-4a42593c0b39", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f649502-4f79-58fa-99a3-3c6b3b61cce9", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1840fd5b-aa85-597c-a6dc-addf95a398c0", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28967508-9fae-51dd-b20e-4ad0da6457b8", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22e8c38b-2333-5736-b0a7-87a95b0d4383", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:654ae82e-ea6e-54ca-970b-e7f8e32d2adf", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:edfdd8ab-e27d-5ff1-ad22-aa6683def4d4", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5146bc2-ee7e-5a2c-8041-3cfb753bba18", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6616b754-2fcc-56ba-9113-ca1c7053a4af", "id": "CVE-2024-50379", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-50379 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f14988c5-5389-5047-af75-1e370cee3ff1", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b35f277c-0b71-56a1-9e11-75999fad6cf5", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf130254-b151-5ef1-873d-07113db4d814", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00c6b0e0-eb1f-58e1-b9e8-0af2938bb7a2", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4de1c25-358a-5ab9-9c9d-fa4cbfe325d3", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8bfb12c7-e9a7-55bc-a008-d4b47fb097bd", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e86846fd-cf45-5461-87c1-be78984e006d", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc6e9c17-05c6-5205-bafb-1912b8b7ee26", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9c43f36-6d09-52a7-a2a0-f311239a9cb7", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:abd4391c-551d-5028-a3b5-8d5704d9574a", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a220f105-0b73-581d-8a3a-6b42eddee8cc", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b10d18c-ef95-5b40-8df2-ccb0fb6d6720", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26966871-c301-5b5d-b8b4-ba721548ebd7", "id": "CVE-2025-52520", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52520 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bbc3999-3a38-5199-920f-bc2008328f4a", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf868b2a-0096-5d6d-b979-6364fbfda3ad", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f353b4e6-a4b3-5877-b0a2-27c76ccf9617", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b2b01a1-80b6-57f7-892c-26b4685f157f", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba1afeec-bc59-5f2f-a0f5-879728fb6d65", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79b6d1ce-60f4-575a-bd94-ccd5d1643753", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dffebda6-e053-5b98-9d75-d241379862ce", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6ad0921-b4d9-512c-98ae-3d5665a19227", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5dfd4a5-a3bc-5cc4-b9fb-4b93787111d9", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94db99c5-a775-5d6f-b5f6-082f07e9fc01", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b134e4b3-c06b-5775-b793-6127aee861e9", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad943c51-d51e-5f1e-8c0d-4b9ae8405b98", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04987c31-d920-5e94-bdf7-cdb3243b0655", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ac6ed34-32bf-550d-86c4-10fd8f703f11", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d4173c2-6dde-543f-9ccb-cca8766ac456", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.1" } ] }