{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a1817364-4186-5607-b470-0bc36c283d91", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-websocket", "version": "9.0.90-tuxcare.5", "purl": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:43489c88-7263-5531-a49b-8158b6f085d8", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:910f4e98-be97-5794-a144-3d7d67ef2b75", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2ec95027-c86b-50df-9217-d7bb3c5064b3", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:781d7ca1-2cf7-5c2e-9a26-601442d5897d", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b0e1b79f-be3c-5353-908e-cf2b24f237ee", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:89df4d54-2d78-5f0b-b529-aec71c605c29", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e70bc3a0-a542-5b5e-8f53-7a0bdb3c15ff", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:542df92c-f480-58be-b98a-507fbbe921d7", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2ffca440-302f-530f-aeb4-8ee5bac6cbe7", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:36c9530c-dded-5fe3-b9fd-bb2953db69a7", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f3f919eb-8154-5f07-89fd-15aca4ebd964", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:65237cb9-864c-5607-916a-2fe67ce3e6a5", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4c53e17b-ed7e-5aeb-bf1c-42bc052bb720", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8cf0ef8a-6a77-5acd-9b44-e926d1fd851f", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:202687a6-00c2-5a41-be78-a842e8433c61", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:44f4abab-2685-587c-9a9a-f4c83e2ceb8b", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:662a98d8-f088-5ead-8945-66342e33a0cb", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f9155f17-6d40-5f50-a7ef-c2a4798e3a8b", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:eacfdba1-d48a-54d1-9844-bf8e6d8068b0", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a9e293e-2b38-5e37-bdff-d33da73ace75", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:018bff6f-ea69-5e7d-b171-d67189678ad0", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c2f29f38-e418-571c-b657-ab76daf36b69", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ed3380d7-9349-5d72-ac9a-dab6ad4279be", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d30e89e-1892-56d7-bc46-2be402f72a86", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d5bae966-612d-5cf1-acc4-a00ea0b27cb4", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:33f995ef-345b-5012-b244-8800298b079f", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:26866a38-04c2-5800-bc5b-73fca6e1b2e8", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2460334d-f178-56e1-980b-bbc0ba1e9816", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ba55ce8f-d355-5945-8a2a-ac0112cc2184", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:49d8d12e-1807-5a9f-a421-f8e51e32f25a", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fb7d31de-704e-5458-a3fa-2bb2356888e0", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:31f9d9c7-41ea-5b17-b55b-97c64f027678", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:952589f3-3168-5f14-8ed0-3bb38b947a36", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6384ae2c-6cb5-5b11-89dd-450c5578785a", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ff5071aa-57f1-596d-bcca-d4c220833472", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ad91860a-cefd-5567-b89e-e2c5d22d5b6a", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2edf398e-c378-5bcc-804f-135fc1fe2f00", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:34b8d574-e5ad-578c-a6f9-9cdf30f79f12", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:943e72fb-6140-53d6-957d-f5e8e4dbf0a5", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.90-tuxcare.5" } ] }