{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2fe2d291-f40d-52da-8946-d63b95382cb7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-websocket", "version": "9.0.100-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:03984f8e-3ae4-58bf-beee-4004a8da84fa", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f692a7cb-eb16-5e2f-be48-80ae4575207d", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d8c3ca9-8d6f-5c46-98c9-3cebe87d6f52", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:59b86633-4963-5fa4-81a4-a6606cb10593", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a2a520c-4b0f-5fbb-8e62-242bc434581e", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d242e1b5-5346-5686-b733-3f1f30c6c783", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6647ca0d-3e51-5de5-a8f8-6f3b64db80e7", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:50bc43ff-074a-594d-bbe0-1ba33657e6a2", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:62238e89-1029-5ab2-82f3-3fc7298a9009", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f7af39fc-c0dc-589f-84eb-5e4419538b95", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fcc28c63-d028-5652-9078-b59ae0765dc1", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd5d0df6-fd95-5f55-ab26-dbc4871730a3", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2ebe8871-bfbd-5a06-87e7-d7eeeada69c3", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:500b9fd7-2c36-566a-8c8c-a25f01a9b813", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:66e9c57e-9842-57b8-a23e-0726ad4b138a", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d55fceb-565a-54c3-91c2-b93cd609d702", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ddaa8bc2-d17e-527d-bf01-a3795f2d937a", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:92869c00-877a-5d4a-a886-cb3a4e744853", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e12a258e-103d-5745-bb4d-886a52434775", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7d2c41b0-3886-5be4-9aab-2abbba092d25", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:87022f64-75fe-5f6d-8994-9356ea4a7f3b", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:55bb497e-3e3b-57d2-b833-15594135e9b4", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:85fb7dd0-40b7-5fb5-8e7e-092c54fe1e0c", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0fe78be4-3356-5d4f-a825-f549a8950d40", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:865e8a98-4d12-5f3a-bbc0-39894e537d18", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53caf3df-7593-56be-a307-db435a682bdb", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9898f963-4e80-5313-8364-633ab661cdc5", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:364b6ef7-48b6-5fe8-ac15-ea94d5959aab", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:014a8b25-cece-5a8a-b366-3a243ee4d548", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6c1b3d7a-35f3-529d-9462-46118771e9c5", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8ab8ab6-e04b-50f6-8114-f3b04868a927", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbec2969-3fc7-5ced-b349-65f2fe115917", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44ea6b41-070e-5417-bc65-5baa664fbf48", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f95a0007-2d02-5727-9a2d-031bf40efa75", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aae2c3ae-efd2-521c-9172-7dfe61d4a7df", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ce5757e6-a908-5f02-88ae-83e70a94afa1", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 9.0.100-tuxcare.4 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.100-tuxcare.4" } ] }