{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:84531d58-6c4a-5a74-bb90-5327687f72df", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-websocket-api", "version": "9.0.87-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a3757bdd-bf9b-57e8-85c7-1b45cedbeeff", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:13d0c998-fcca-5fac-8a8e-527e3dfeaf71", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7cfc9278-20f6-5f95-87f2-d4b7f77265c6", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1eed51d7-4ac3-59ff-8f21-a6d48b529c8d", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5820964a-f45c-5485-9477-40bafcfa82e2", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5787a08-6e37-5957-9a30-12742fdbabed", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f90acfd0-c673-5b5e-8be7-15778158b7d6", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6e13715c-41bf-5c26-b9e1-b2552393716c", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff64f2c8-27f9-5e70-8c24-ec44e2241277", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:380c7ecd-b97c-5a54-8ef3-2424406bb790", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b191083d-4cfc-5f33-a782-6b3757c016bc", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8818a33b-5b86-536d-8e55-0cda5526a590", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7bfedbce-8295-534f-b776-4fc12f99edb2", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2bd22752-404e-5652-934a-94a0af649719", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7af8f50f-12c8-5d84-bfb9-4150d6c27c6e", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40da2d58-9997-5290-8508-adc5cdc42e39", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b170d10d-1996-5d20-96d1-843800f61184", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e4d4762c-fe75-5b15-9fc0-b6dae8f34f2c", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7eda3e2d-2d31-55d0-9c99-0d5ce0aa3489", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cdc7c972-165e-57d2-9fc7-d55f5c4f3ecc", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9147c169-3a1b-572b-aa81-576645ba7266", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ede27074-9e8e-518e-995a-7eb23fe4d41c", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:213b50b8-d6f4-5531-a543-03980eff3141", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a174dce3-4758-50e1-ac23-cd8df41f1998", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:387201f0-6053-535c-b96a-6e7ce9e2419c", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5b93d37e-00cd-549f-abb5-9b572ddfcb86", "id": "CVE-2025-52520", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52520 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4eabc069-d895-5ce4-b029-3bdae42275d0", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39e8853e-a3f6-53e3-b3c2-423ec8ab2841", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b94190aa-502b-5c57-8dc5-0c2f48f7f454", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c4aa8c52-02a9-5c03-8c0a-13920df7ae6a", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:476a74a5-3f6d-5cb0-96d5-ff2c86cf65d6", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:23ff8e3e-9b1c-544f-909b-c8c5c6d3a64d", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f94b22f-5736-5066-b414-965a6a360036", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:87df7cf7-08c3-54a6-9b52-2e5419905b70", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:be77d34b-0e50-5b1e-9f71-a2f5421e84c6", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:382ae9de-b30a-5f24-85ca-1e2a71550da3", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:161dcb30-d6a0-556f-b582-4ea6c08c80a5", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:301deab9-45e1-59a9-a80b-bed75632c587", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e0b8365b-addd-5c79-9e6c-c36803749625", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:51204985-6167-54be-b086-15713ed62351", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:712e6116-35ee-510b-bea2-3b7a4f50ac39", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat-websocket-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-api@9.0.87-tuxcare.4" } ] }