{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6c2a102a-dc6a-5792-be2b-b34f5e1e7003", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.100-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bd1d3c83-d1b5-51f1-b713-598531bd4b72", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27982282-cf52-55df-81e5-c8e6929a9a9c", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32ae2aed-ce4f-5202-9f5b-07123495bc5d", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80f23944-cb4b-5312-9d80-1b7b50b115e4", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18ca92a6-34ce-59ed-bcff-dd50d16fc964", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce5f48e1-2537-5b07-b41b-5f7da18c590b", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2aa89e5f-3a4c-5416-a27d-1513832c45b2", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:493cdef6-7242-5279-abc5-6b34eab5802f", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16ea6ecc-fb7d-5c96-82b7-c785a3e125d8", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b374e72d-4438-5367-8939-a8260e919717", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b640be9f-07ad-5d2c-964c-abbef541f4a9", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab1aac7a-da1b-5f9f-b873-1699cb77374a", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdf3a8c1-80f3-5cc2-8354-0ee9a918105c", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de6034b2-1301-5a4e-82ca-79a7656f190b", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81e50e8c-41e4-543e-a57b-9153d2f35f1b", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a898d2d-bd3b-5789-89d8-a12ef9feb705", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79f41cab-8b56-573a-8b8a-863b7551c07b", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e295d2d-dd08-5b5a-9e84-6cd93cfea1b8", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:504b8f39-2790-5ebb-94df-6d2e4fe8d973", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ded7834-d239-5522-b32a-c63c3a30b905", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdc6857f-4351-59dc-9eeb-9b0fcd81bbbf", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c07d09ad-73f0-5345-a338-aeb76ade28f4", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88927598-2476-5f36-971d-a561bc9ef778", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d103a07-8975-5b50-953b-e754ee5158bf", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9a5385a-5245-5cb0-8069-1a7f6400f5e9", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6da8bbf1-4570-529f-892a-aa22e4db9aca", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d7cbd33-8821-53dd-bfee-8cdd838a7b6e", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76598eac-92dc-534c-a549-56f51633fa9a", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68d78eae-db70-5896-b28a-43ea1ffc0871", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:315d3182-2a09-5c11-95cf-9dc67669cb21", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4d445c7-775c-53f8-8869-1f539d61d020", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2dc53b7-6b50-5c21-867a-96a07789722e", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc622dad-1176-599e-87a7-3b5765aaa917", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:692779d9-6a7a-57eb-b83e-b8a6666079a8", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08fdd516-76fb-5580-8751-d99ac9d9b6cd", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ffa63fa-7fd9-5454-aba9-caa3a377cf44", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 9.0.100-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.100-tuxcare.1" } ] }