{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3df36ee8-5477-5119-bb8b-92180755a81c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "10.1.18-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:06965623-96f1-56a0-8f79-401170c8fc46", "id": "CVE-2024-23672", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23672 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3595904d-c4cc-5bea-9f59-08d9bac061d2", "id": "CVE-2024-24549", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-24549 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da9355a8-8769-5c32-bb37-2e9549398958", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98d21919-fca5-5074-9a51-1514c1b990b5", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9f7c254-d581-553d-9096-6336c557b120", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:87ff6038-60e7-573b-98e0-330f6853524a", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:383cfd38-8e57-5da4-b91c-0d6b99859cf1", "id": "CVE-2024-54677", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-54677 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d9ee3a7-c5fc-5d41-851a-2da5a60bdb24", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df17b741-8279-5018-9029-d6f298e145a5", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c639222d-e6ec-5cc5-b6c2-9191493d8307", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c320d645-2796-5089-a301-f20954ea8c85", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7e6e7b2-9159-5c5d-baee-3ee66ac03a39", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eac9c332-bfd5-5494-b76a-833c1d7a6a68", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1488c3e8-c49f-5d44-b5d1-d9ec93dc3e1e", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d08ab9f9-a51c-55ec-9001-037e5cb77479", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:526dfcfd-3617-514c-bc41-bb3d0860aa68", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc88d17b-0f1c-5355-9a8e-ea8af935628c", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e78cfec-09b0-5fe2-81d1-f1c74eb7ca38", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb0798c5-5696-59ea-a168-87e358cef8a6", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d5df06f-7e75-5fcb-9e16-965a4b150e88", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79d2ca3a-87bf-5638-98ad-119187259615", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aedd3675-65de-5791-b2c8-4a481087a232", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5dfeb5eb-10cc-5378-ae27-6ac949a11dbc", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55470589-4fd3-55fe-bf18-d250324f0ae1", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe1fa481-1a31-5c51-ac89-64ad5cf6eea9", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3cdded55-5ea8-5cd7-a27b-7d2e9a4df099", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d44ce523-20c9-5b6f-a6f5-9332e2a83be0", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b78e4e75-98f6-5cba-83e5-7c3c45f9bd3b", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51dfe336-41f6-534b-a063-d7cf996257a3", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c45b95ee-a297-5d5c-8f7f-121b68c5c818", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a308f18c-11a0-579b-8031-dd3d4e9c9a6c", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c45896f-d99a-5bd1-923b-a752549bcb11", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.18-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.2" } ] }