{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:739a6682-4f11-5bc1-820a-c1073553e218", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.46-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a182840e-0d1f-5799-af8f-2bb12a36790e", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:11032acd-0ec6-57ea-87e5-6785ddfb7f4a", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b6a520c2-1cf6-5201-95e4-5691bcd113fe", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a026121b-9455-521f-b315-a5fb481b0581", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:87ff8b60-ecb5-5caa-8d2e-a35815b1f9db", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a7b3a1bf-d19c-5b21-93c1-19b344d3dc65", "id": "CVE-2021-33037", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-33037 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e2341e3b-84b6-5c25-ae62-034f1b739d49", "id": "CVE-2021-42340", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-42340 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dc369355-8b4e-5ee0-b76e-c98ab0a8c3e2", "id": "CVE-2021-43980", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43980 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5a63fd3d-7108-5fa2-b696-749041c7e93d", "id": "CVE-2022-23181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-23181 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7df8976d-67a7-5f76-9458-7f4d76ff6981", "id": "CVE-2022-29885", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-29885 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c6ecb181-a7a4-5233-ba36-ae9befb9b5f7", "id": "CVE-2022-34305", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-34305 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:30232921-ebb8-59cf-a6fe-0153b89c3e69", "id": "CVE-2022-42252", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-42252 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ecb09012-f8bb-531c-9909-c2e74d19b491", "id": "CVE-2022-45143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-45143 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b2d7ad41-f1a7-52cc-a994-f4e6e1820673", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2848cf2a-e8f0-549c-83f7-a24fbe61f951", "id": "CVE-2023-28708", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-28708 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5ec5253-582a-52de-8181-051158bf565d", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0c85ab09-08b2-5911-b262-8aa4697814a9", "id": "CVE-2023-42795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-42795 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:57ab6061-c77b-5ca0-8048-acb27b1227a5", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f9a85696-a7ba-51e8-83d1-5f853580e767", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53ace7e2-98fb-56bb-87f4-4bd455382bbf", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:db8b081d-c260-5ec8-ac3a-0a00a9d8c834", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0965c7eb-8113-526f-9955-0c187b365126", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5a050202-9780-5d4e-b7c1-37f7b00108e0", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d400c3ba-b1d4-5ef3-a4f5-ae8986388705", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:11daf74b-473f-5d5c-85a1-5ebc3ed73137", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d250be64-3c74-5adb-82ef-a91bbbcea71e", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5cb76db9-cea0-51dc-9d8d-e55c1a45f25d", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44778d90-a495-55dd-a02e-57e1ba63747d", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9883b083-156c-5c15-8cef-b42e1f225e6b", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:91135134-0101-5180-a4e0-9aa4ef76f73c", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a9616392-9d2a-5a04-9f6d-b94b65399c00", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:43936f62-29b3-562c-84ab-a2c5be7d304c", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fec10153-cceb-5b24-b8a6-cc1c9b9db6f0", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:453940d9-2247-546a-a57f-f97eb1e4224e", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:80738660-1b21-5849-9266-5f47efe3f9a6", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:73cad54b-1daf-5d22-a97a-5f4ae1282375", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6dca6e37-93ce-5180-a50a-a95b429d2e9b", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e07386ad-30cb-5547-acc8-7f0825c68279", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d503d15a-fa4e-5ef8-8f4e-54b48bf91851", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6b89cbac-0a02-5d6a-ae19-6ea6a07c9ec8", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61b69178-9085-5e89-8bbd-de4d5b1c68cf", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f5e10e6b-f328-5a76-b261-d367e31b8ede", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8a25bb3d-1d02-5500-8ab8-4a128ff991f1", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ecc3fdf7-fb25-5348-98a6-64fa7946372f", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5f12e514-2a4c-563e-a321-ae3940e51766", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4756c7ec-02bb-5cc7-a40a-731a5e0e121e", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:515203c0-ece3-5d47-8147-2c7cf3cff52d", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65325592-955f-5b52-863f-4c7d0cd9a8d3", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2e1da96f-cc39-59d4-a8da-f35086da1e00", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02f00dd1-a866-52dc-9aca-9192b9dd5cab", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a2c2ec59-26c5-54f1-8cdc-eba05ff58e54", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.46-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.4" } ] }