{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:80161cc4-ddcd-5fef-9931-5ab1a903d914", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-websocket", "version": "9.0.46-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:173d5fb7-07b7-56c3-8275-c8e89f8d4d89", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fae2f544-a9b4-515e-ac7c-89b351284b7f", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ba703cf-b7c5-54ea-afed-69bf72fd67eb", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31fad3ec-df3a-5ec8-9057-390a4b2001c9", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec9d910e-967d-5118-b684-09e34ea7246b", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d4209a2-333c-597b-b666-c9769bfef583", "id": "CVE-2021-33037", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-33037 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55ce527f-1d55-59dd-a646-29be83658836", "id": "CVE-2021-42340", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-42340 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d46af713-f43b-5f5d-9289-0208a831f18c", "id": "CVE-2021-43980", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43980 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab3b8e3a-9cf1-5d6d-85e1-eed14cc30499", "id": "CVE-2022-23181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-23181 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:682da8b0-bae0-5a6e-bb0e-b7e4599aed9a", "id": "CVE-2022-29885", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-29885 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:37b11110-45da-574e-9807-5c881bdb86d1", "id": "CVE-2022-34305", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-34305 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a42937f9-028d-59e6-818c-c8b70b3d4edc", "id": "CVE-2022-42252", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-42252 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43c0dc2a-54b0-5acb-bdd1-c01ee7f716e3", "id": "CVE-2022-45143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-45143 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0888120-6bd3-5e27-b2b1-d25a36fda7cc", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5485b41-6b8b-5432-9707-b9ee2babf365", "id": "CVE-2023-28708", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-28708 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5dc53266-a2ba-5a18-9ff9-2aa8a158ea97", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:50151530-e37e-5fd1-ba92-7763b1f36ba1", "id": "CVE-2023-42795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-42795 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:199ab9c3-2c43-58e8-9299-81d1b5c7d9ab", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0d137102-1592-50c8-b5b6-d8d49566d896", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f2d479a9-bd96-5b14-90f4-e46ed503730e", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca156a63-a315-56e2-9caa-2b5a4105ae8d", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28e38610-16f6-5bac-812e-c203acb25452", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a3b5a890-5d6b-5ebd-a185-0ee4401517f9", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b2f86425-dce3-520d-9f88-73dcc87ab8e9", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae6b0a8e-40b8-513c-b85c-73690bc0c127", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:933945a0-f136-58c3-a0b9-13c2805489af", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a84e240f-b262-5d51-b23e-12bdf765d684", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d61cf6c-6f9a-5565-a931-5b8e01fae794", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fccff009-c360-5962-8507-03cf44a9a4cb", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e52c09e-57c8-554e-b1bc-4ea92dd7192e", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f0a5adf-8dd2-5368-b25b-953eb56909c1", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f52bf106-e7ad-5dbf-880c-ba1e5844c7e2", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f4383ea-c412-5896-ae65-cdb2a19be3bb", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7078bd03-7f83-59c7-84b6-10caca1b501a", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c5eba2c0-7f62-553f-bb66-334c59a7b240", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cfc57a21-0cba-5b77-9112-2f7cf4ff46d0", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f9511466-37c1-5787-8186-b8bedbe99966", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f4c1988-f14c-5663-b733-8db0ba06292c", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c0b08ced-9de0-580a-b7ca-fd1a1478c438", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e603376f-d51d-5123-b11d-2464332218d3", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af346ba5-dd22-5b08-8aba-2dbbb75803b8", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b012ff1b-375c-5732-a1a8-5e90a383548e", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c48a18b2-4636-561b-809f-ac802bd0a4d5", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02db9d8a-c015-5a7f-997c-6c142e3f708f", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d117a11-1d1d-5a88-a805-c6c179f14aea", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a5f6a231-a5af-5f55-9d1d-5f68168d59b2", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:433c11a6-7c20-5833-8e1c-3ec1428ebbda", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:36c2965c-9cca-5f82-af0d-502ee848979d", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb6ad32a-4b04-5691-88fa-992eb3fd947a", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:124598bf-dbdc-5de5-9243-ab0d0c05afb9", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2df2d83d-9431-5283-b0e0-d7c8f774a642", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.46-tuxcare.3 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.46-tuxcare.3" } ] }