{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bb0cf2f7-8758-58d7-8d93-80a699f2595b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.46-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:76a8a114-0637-57ff-8c32-8127e76c789d", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e415742-f090-5718-8db5-a6e4bbd044e2", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7415a17-25da-5b17-acba-62659ca1cb97", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:333dcacd-351a-5425-a767-8c420d51f5f1", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64371032-35ca-597e-acb4-48ee7033741c", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdd6030f-6e57-5039-8ba0-736da506f3c2", "id": "CVE-2021-33037", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-33037 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2bd03223-91c3-5348-aa96-519ff6d9d4c0", "id": "CVE-2021-42340", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-42340 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:113f54a7-8e8b-525d-b6ca-86d1e5c2d2a1", "id": "CVE-2021-43980", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43980 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c967aabe-1502-5b63-9d68-e621cdda0d1c", "id": "CVE-2022-23181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-23181 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:252cb8d8-c23c-5f93-94e6-dae06e479e08", "id": "CVE-2022-29885", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-29885 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93ea2473-6966-59b6-b19f-37f77a43ec3f", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8009459-1dca-5cd2-8111-161b4d9bd471", "id": "CVE-2022-42252", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-42252 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57a2e56a-3fad-5137-b685-14083d67816a", "id": "CVE-2022-45143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-45143 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da782561-81a9-5f56-ac41-fec37a58eee0", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7044f8e-f3f8-5b66-a6d3-2429f7ae51ce", "id": "CVE-2023-28708", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-28708 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ac82bec-e33c-53d3-aa06-fbd6aa47c958", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e545f4c2-317b-590c-b038-61607569ceaa", "id": "CVE-2023-42795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-42795 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee42585c-ed9e-57af-bf58-8df6edcf5a24", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b10b55c-f3ac-5eab-96ab-676ded9ebf4a", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6fe315dc-7bf2-5cfe-98dc-5a90ef5e72fb", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d467535a-ec92-5383-831a-22c11c9d7961", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb6b1424-21ff-5879-a26b-7202ebf176cc", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0d4af2b-844b-5960-89d4-e63567f9adaf", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9123cf8e-5436-503c-b6e9-0b94da3d24ae", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f3f8f796-dd3e-54db-9e01-149217e26a9b", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8aa95a8c-ac45-5ce5-8f9a-f60ec616a7ed", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9067366-0643-58c4-ab1c-b85cbed59a44", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18a5ddcf-7ad7-5c53-abd2-1f86fe2c11b3", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7cef1013-070a-5f74-977c-cbd88a0b09db", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf4ef068-1717-5f73-bbd0-f59b99b96b49", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bddce427-8ec4-5582-99b7-8b1f499d40e8", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cc66a43-c333-5ee7-a27a-37afe99fa82a", "id": "CVE-2025-46701", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46701 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be7aae95-871f-5322-8309-a2a796e7cc6d", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8284d88-8273-5849-b4f4-64d199bb066f", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d6d6138-b4a5-562a-b09f-61350d516073", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98c31f09-b1dc-5609-b8a9-bd6286dc2898", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5210c958-6386-5f23-bfaf-4d20d600e952", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17f5be7a-5b24-54cb-b4fd-38b6aaa0161e", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9fdb150f-108f-52d8-a227-7ef1b1f8106b", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9cc241f7-18f2-519a-8110-801ad1d1ebc6", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da887337-2fe8-5a35-b951-29bcb41ff3c4", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18aebcb8-09f2-5164-a89b-39a0835fc666", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b07a675b-8e3a-5d58-8e07-bd798d3f3e1b", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e16bba5-5bec-5e66-9745-07a7bb300ace", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe6e6688-bbea-50bf-88fc-11bfab40b345", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e2184fa-3402-5326-a288-8f13c7e8ab85", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d3279aa-fd47-52d5-a405-f33de7ac84ad", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:233149d1-36c7-5740-bb7d-4bfe082b55e1", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:382b026b-50a3-5ebf-9bcf-90332471ccf2", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:773bdfbe-6681-5e71-967d-aac3cff20323", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e19a03a6-5c7b-5b81-b7ad-ae4410bd691c", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.46-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.1" } ] }