{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a34c088f-fa95-5a21-b892-458fe9d5de0f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.50-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:87e1e344-0454-55e8-90d2-c798040f9ef5", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2dfd3653-6936-5175-aa35-470ac20951f8", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:802f5431-39e5-5313-94c7-71cf49ef2f0f", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45137800-1adf-57ea-85da-32da21faec02", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e022ecb-a587-5fd4-82bf-78e79e1c4b14", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df94d83b-c553-5d55-ba11-efa10c2919f1", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad8319d0-2190-5107-af9b-c3bd163add93", "id": "CVE-2021-43980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-43980 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ebade3d-0e11-532e-a153-1c3615e4547e", "id": "CVE-2022-23181", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23181 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:715c9db4-1fe4-5258-b8b9-34cda759d96f", "id": "CVE-2022-29885", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-29885 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94e3493a-74fd-5025-af85-3e047d12dbc9", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56afde46-6171-52e8-959b-0cd948d7eadf", "id": "CVE-2022-42252", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-42252 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b71b1e55-9677-5e66-bbe9-c8e995e7cbee", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:348835ef-863a-5b3e-9ab1-5a5dfc770e12", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:497fc5e0-9d61-58c4-bf7a-3ab81fd69749", "id": "CVE-2023-28708", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-28708 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:209e15b8-5d50-5e6f-8d3d-d5ba36a19212", "id": "CVE-2023-41080", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-41080 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:897406b8-3a4f-525e-acc0-98b90c8d54f9", "id": "CVE-2023-42795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-42795 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80dec5b6-85a2-5f5d-affa-9e8d5c724b52", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3afebec6-17a1-5bee-9fd0-d5f6ec8017f7", "id": "CVE-2023-45648", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45648 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9234e5ab-8ab6-5f56-b43e-10dcf55263e2", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f085b50e-d131-51ed-ba26-b0be9029ac65", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf4bae78-a7ab-51d8-83fc-706b002ba6de", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e29c045a-5f08-57ce-956b-d09fa9d04702", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fc7530d-d95a-54ee-a318-a98ce82cb664", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb3ed119-9606-578b-a4f9-d5f1cfb1a9b3", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:59ad9dd3-3de7-5e82-8de0-2e7be219db7a", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5e370ec-624d-5ad6-ae7a-e03ae7d2e376", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a06340b6-ca4d-5272-995d-0f042b5170fb", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0260c0eb-68c5-5864-a5f2-c87d161df61a", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b15ff46b-35ec-5911-9c03-046d92128b0a", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7de0a179-8a9b-52bc-8270-f088408f2fc5", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86502cdd-ab08-5929-a6f0-88feddfced77", "id": "CVE-2025-46701", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46701 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23352439-b3f3-5b3c-850f-c7a3e80e9b2d", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93990bda-ad85-5b1e-badf-478a26d4e207", "id": "CVE-2025-48989", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48989 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ff924e1-40c0-56e6-a29c-2a64a5615cff", "id": "CVE-2025-49124", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49124 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fa11b95-cdb3-5bb0-9acd-50ca20ae3e46", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b68e0e4-bf9e-56f3-8d78-dfa35737b73e", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c41d7a4e-6f68-5844-8b0a-dea7d70dac02", "id": "CVE-2025-52520", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52520 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6204de12-17a6-50f2-a712-570158844978", "id": "CVE-2025-53506", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-53506 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cbb99d65-6248-5775-b512-92a09f342e57", "id": "CVE-2025-55668", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55668 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d217f5d-8bfb-53a3-b6bf-df562e0d517e", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f75dcdb-9412-5b89-b862-c2649d1577f2", "id": "CVE-2025-55754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55754 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e53fd2fd-efc8-5096-8ba9-8bb5b56d16b1", "id": "CVE-2025-61795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-61795 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18c6c338-0617-5ae6-9143-ca531563e4b6", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:589fe659-e892-564a-b494-51c2b8dfcfb2", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:330b3518-a9fa-5a13-aa88-f7b146ff5cf5", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a55bd3d-c7a4-5589-95f9-93c4024f844b", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:289e2046-e15a-568b-9eb9-2c8d3005226a", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32194b0e-0e96-5699-9cc3-3b42adf04813", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c55b9ba3-e6f3-58ae-9b9e-e55f9a29dc01", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61e9cb88-42b7-58e8-acf9-56500d2a5630", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.50-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.1" } ] }