{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3aa36091-697b-547e-8840-40a5cee2678a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-websocket", "version": "9.0.46-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ca66f91d-695d-5ffe-9af3-da368d22fdea", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd41c6ea-e236-5b01-9ebb-77fe074b7e75", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc0eeadc-098b-5143-8bee-193435188677", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2840c08c-7d14-5d93-ac54-3ad646ac9167", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:661c9a09-5048-5d4c-a403-86e84a38d171", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60f766c2-fdd5-5f2b-94d2-4aaff5899757", "id": "CVE-2021-33037", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-33037 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24333920-3046-58e8-a304-cfc54973b1f6", "id": "CVE-2021-42340", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-42340 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:adf4b810-80d1-5405-a368-bae82002b204", "id": "CVE-2021-43980", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43980 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08dd0b12-ec4e-5b02-b843-907ea35c7eb7", "id": "CVE-2022-23181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-23181 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c02dea82-4bb6-552b-aa11-9aa4f8ee05b5", "id": "CVE-2022-29885", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-29885 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf10c93c-b801-57af-9870-4d38ffb38ffd", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2cdb5f5-3bf3-5ca8-b81b-0ec35b0fbe7f", "id": "CVE-2022-42252", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-42252 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f410e8ef-4725-5402-a805-3b2bf9a154c5", "id": "CVE-2022-45143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-45143 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25fc0c80-baf1-52c4-afbf-c657416e483b", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf622c5d-b50d-5ecd-88c2-eb9ced0d22bd", "id": "CVE-2023-28708", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-28708 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d0a1376-24dd-5c09-92ba-465e04fae244", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11ffb5ef-f449-595f-a617-66ab110bb4ad", "id": "CVE-2023-42795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-42795 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dbeb56b6-70c0-5482-abc2-c44458d6d96d", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff1f41db-389d-5602-9e74-22f8b8ca8687", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c7dad0a-6ff8-5db0-a755-769b7deb4f74", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6fdbc07b-b41c-5cb8-a6e4-fc95ce43aa63", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e6f1c90-d27a-5edf-8d63-1b73d5a819d5", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e521edb-da09-5fc1-afc1-82d512941c2a", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb661d27-f573-5f77-b953-75a538f58f93", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6dbbfab-a412-5234-9d57-100a55d77316", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b382ed4-0fae-5ba9-b4d9-da6d2f24a146", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c28dde72-ab65-5777-9f0f-316726d16eed", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1802401b-953b-5473-9d9f-e81c977120a5", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d733a8d-789c-508c-9ec6-c8c32080fb2b", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb40c7fe-bc53-5b35-8a14-4c783e99f3fb", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06330b3c-7e18-5980-9629-eba4e37199ff", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:897e3a6a-cd78-511d-b08c-fedebb16d4db", "id": "CVE-2025-46701", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46701 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fee9cd1b-7542-5134-99ec-28841cdea231", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:132ac123-8a00-5baf-9d61-42bc0dd0f366", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba2c2735-7acb-5e10-8e41-30538b3890c9", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f60780b2-da72-5811-9b3d-c466e241c58c", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa9a4ce5-b77b-5ed9-aa7a-b59a33725bac", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01647e0a-d324-5acd-bcf8-6bcc570e6ced", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e6f34ac-3f9b-5809-9cfe-521e661bed53", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90472048-c1bf-5514-a07a-38ddbe57a192", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c52ac6b1-31e3-5ada-af16-ccaad97c46c1", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e8a824c-37a0-5eb8-a704-c78ac1058391", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f4d2f20-d54b-5940-baf5-d07cc114fda2", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0deefebb-0e92-542b-998b-f1e7abcffbfe", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ced4494e-12af-5254-988a-cb38dae9764c", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef31bf02-64aa-5140-8268-889ce79f0f3d", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e02b5334-f6cb-5e00-8dc6-cc7820aec37f", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d987ec3-4a06-598e-8ea8-a82171fd9968", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4d2510e-d5ad-583a-b8ca-b1b44139478f", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a72bb207-f8ce-568d-82cb-3970bbe54649", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6d36383-b15e-5890-984e-6fb86c5a2a09", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.2" } ] }