{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:132d99bf-ef65-5364-9796-33bd6a7bcdff", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "10.1.18-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2796e062-13ff-5f4c-8d8d-eb915033d4ba", "id": "CVE-2024-23672", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23672 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d694d4c-2751-58be-9aa5-52bb50646349", "id": "CVE-2024-24549", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-24549 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93efb14f-9963-5ad3-806c-ef546b4e8e82", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:518daa93-f985-5e98-b18d-92fa6ee3450b", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d78758ff-dd05-5947-b9be-f040811ea305", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5674455c-5488-5147-913c-5858f99bf422", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c2bb120-c122-559c-9cc9-986a02954892", "id": "CVE-2024-54677", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-54677 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:987d4613-a6c0-5efc-8954-86dc5ed0d770", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b783320-5352-578c-b88b-a209c98e7e4d", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6cf0a261-4775-52aa-9a5f-608045127e7c", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a331292c-978b-56b7-b96b-24b02ddc9123", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28ed91c3-7f25-554a-b87e-9d02fa79e5b4", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:699eaebf-9c50-5d4d-a6e7-ed002e0b2528", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:edd25d7c-6884-53f1-a747-c07a71ea48fd", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:287c3e59-2c69-5786-beb5-d0f654b2deaa", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13b8bc44-8d59-5e40-9905-149fa24d0451", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:730e3c09-2cd9-5597-b1e6-6525f71e7d4c", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fee9f250-e044-5ede-a756-64d95339840a", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f3596d0-55bf-558f-bb31-c5203d989c8f", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd8fefa3-5af5-5fcf-b9a9-0f6e26cf531f", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:397bbd4f-e8bb-5000-886b-3124331841cf", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:53c408b3-1285-5e72-bd2b-92387a248cdf", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5decdb94-96ad-5bdf-9e19-a9e0c4913b43", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03fc494b-5618-5398-a6ef-e6dcd4f8cd03", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13f24e90-ff2c-56bd-a013-7e7fd88e9807", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08549ae0-2afe-5950-9f94-a5bc914d8aa5", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49ea4f76-7dea-5ecf-8f13-ecc7d0844469", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0208302d-37de-5930-8621-317b798d9647", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d4b6c8a-2019-5a3b-bff0-d9248865ee60", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d331ca9-398d-5e6d-9f66-8d0205d65ac7", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41619c12-e0c3-5bcc-b932-f7e1f3d15471", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7233527b-0452-5775-b313-77735eaad8e5", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.18-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.1" } ] }