{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:55b6ab53-79d0-5f03-8dff-03af89d0f1e2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "10.1.18-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:020d395a-7aac-5b4f-8bdd-0167eb03af66", "id": "CVE-2024-23672", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23672 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ff89ff3-bd27-58e0-bbec-4f7f5290f987", "id": "CVE-2024-24549", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-24549 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:518d24b7-df7e-52b2-bf08-37deb1500e9f", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3027705b-526f-5052-8fcf-6521fae1b108", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7471e563-f29e-5a58-89d7-75332964704f", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cf924c39-a53f-5ebc-89a9-672c81890f99", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ec23b4d-7a4b-5f48-a34a-d98f337bc8a4", "id": "CVE-2024-54677", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-54677 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b61d8697-2a17-56f3-bceb-23b6a1c38105", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb2682a0-4d05-5ec4-997b-39981afb7518", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f766898-05f4-5d4b-a4d5-5f12cf25737c", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a601d2f3-5f47-5b85-8c99-dbe4244a6aba", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:529e3695-7a10-58f5-ada7-e51a99e827af", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb3fc154-c336-5547-af5b-aaf68ab2888f", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c31004dc-294e-555a-acae-a049c6f315cc", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:df20aaed-93d7-56a4-9478-6fb27cabaf21", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6841b8b0-6520-53de-893c-20c2f834f06d", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c65f5e3a-7fef-5678-9cbe-01c0b6fe1ec3", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea780e35-2e52-5712-94cd-405043498806", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1b49d1f1-4e0d-562e-8b52-112d0371ffe0", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4dc9ae38-0de6-5bab-bfd8-61bf825cb43a", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9bb6cb73-f166-5613-84c2-3c87bae8e237", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6d8f3f1f-6483-5791-ad91-482e8a33c770", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5944c108-9b83-5d97-a795-bad9eb1bb36b", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f4fab55-82b2-582c-a6fd-21d2b6c7db07", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9eb9edb2-5f18-59e7-aef4-05dc98023d7e", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:91f295f5-afa0-58a1-8a7e-80b40584b536", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:36f563a4-2359-5031-b65d-c771dc9058a8", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:517fe5e7-f9b2-5366-8ca9-f44ec700bf73", "id": "CVE-2026-29145", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29145 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c4dfb3a9-aaef-5bfe-a732-d36652005ec7", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74be3b14-c0ff-584d-83a2-f0618edfb1b6", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b680c143-bfd0-5df2-accd-01046fe58746", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05b2d485-eb86-5a27-8700-b0ccc99269b1", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.18-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.3" } ] }