{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f89b2f63-3313-5af2-93b9-b615d561da46", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.46-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:06aca4d3-eed2-5429-8349-28bbf70ab93b", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f0905042-70c5-5635-8c35-b2032614c106", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f94dac1-1447-5801-8b7a-9493d4c2e1b8", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c32196f9-5fed-57a0-848b-318cd84a113c", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0384ad4f-7224-5c1d-97d9-1522e73f3980", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09eb75c7-f6fc-59d0-a0d1-8df151bc5894", "id": "CVE-2021-33037", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-33037 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d164e161-4af9-596b-bb8f-78e35c5c2d14", "id": "CVE-2021-42340", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-42340 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02d12e19-c02e-570e-8eba-5a9240bcae8a", "id": "CVE-2021-43980", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43980 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65fad49a-11f7-5c86-a172-78f4d016b6d2", "id": "CVE-2022-23181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-23181 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64055f6a-d90c-5cf3-bb67-6bc54bed8e8e", "id": "CVE-2022-29885", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-29885 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49025701-61f4-504f-a744-d9340297ab14", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8e1a5c7-8460-5fe7-8a5b-57507f399ef1", "id": "CVE-2022-42252", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-42252 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38f98947-d4e9-5574-89bc-f5f95f81c7ee", "id": "CVE-2022-45143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-45143 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1bd4a7c7-6531-5de0-9f73-dab0a94471dd", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:790a47b8-1554-5dbb-b7d9-9979d8630507", "id": "CVE-2023-28708", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-28708 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:666bfe43-0566-557d-934e-cd85246a636f", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:affe2337-e452-53c9-a976-576f8ef1d408", "id": "CVE-2023-42795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-42795 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56f54bc8-c58b-5817-801e-1ce0b638769d", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45d21f6e-c0e3-514c-8293-352c9b31ff8f", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38cd59c0-162b-53b1-a4ac-a6b4e6cc3f74", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1531953-976c-5cc9-8103-9d0071a7f7a8", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90d689af-a119-5500-80eb-b4be26b33bdf", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aab9eef3-b73d-5ca0-be20-96cd52948cbc", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f75705c-54f6-5106-9b2c-9cf99e904c5a", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cdae237a-2adf-5b81-a472-b345660873c4", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e18bee4-8e83-583f-9220-e4bf6cbc3271", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab93ffc6-f129-521a-9d03-29f9a5c9b0a3", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9aba8fc7-d0e9-5ace-939f-895ab2b912b4", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:41887f39-9a7e-5a45-954a-890648ac07a0", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:943c57aa-0cbc-508b-9583-6d2f74afd5e0", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97ca7dec-a6d3-5ae8-8f20-5d211ac8c9ac", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88eff8c0-af9a-55fe-9657-a48ff4366cee", "id": "CVE-2025-46701", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46701 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3997e46b-4feb-52bd-b421-112c774c3896", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1318fceb-b538-5060-8e4e-b7895575cf96", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8274bc38-4d7e-5269-b970-8c8f61d1a0a8", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fb6d1ae-1ad0-536d-9fd0-8874e3b17eaa", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c5139eb-fa7c-5a0f-9d12-bc93d7b24531", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b001fd1-1139-53c8-893c-ebd6a36d55ea", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6beb8478-ded9-5ef2-bcdb-03e2721acbfa", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ac858f06-f7ba-5b37-a1e6-d26763a0d5c6", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa3d7a7b-61ef-5280-9783-59f133b1204b", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d98436e7-f016-5773-b0d1-14abe2a3c4dc", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3238395f-02e1-5da5-ad94-ab3888b4334c", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:605cfaea-7eda-5718-a456-7020e4792db8", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ebcd31c-4ca9-582e-84c8-325263082206", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5fe8dbc-5f12-5fb6-b871-e3fd3803be17", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db671b31-7374-5d53-86a0-2525f543a6d3", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46c21004-09e7-5c5a-a1ab-2cf367e359e9", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24132986-b1c2-555e-bb40-4752788acb62", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba373fc3-ffa0-5a49-b3a8-dfb8eeaf54e2", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fda60ccf-7cee-5ca4-a084-520e5731cd18", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.46-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.2" } ] }