{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:75769026-8107-56b6-9909-e94b45f334fb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.50-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1a67d63f-e5dc-5aa2-b5d2-42817f1bf793", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79f6b4ef-624a-5cea-bfea-497addcfe9e1", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d44d0361-4901-55b5-9733-9b663c9d92f2", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fbffbec8-1974-55c4-8d32-478085dd1ff6", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:01de7e04-411f-505a-aab4-9a5e38098241", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9b18718c-55cc-5e08-831f-822ee30b93de", "id": "CVE-2021-42340", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-42340 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51524ed6-c666-5bfd-b04c-8cbd29917bf4", "id": "CVE-2021-43980", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43980 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:076297e3-d33d-5715-824b-633a0203be0c", "id": "CVE-2022-23181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-23181 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0c440450-41f9-5c38-81b3-8f27a2c4ea63", "id": "CVE-2022-29885", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-29885 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da53744e-577f-5184-9899-9f037f0f87b5", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:775f765e-d789-518c-a96d-e5dbfd23194a", "id": "CVE-2022-42252", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-42252 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4104260-afec-55c4-93a0-673158920e31", "id": "CVE-2022-45143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-45143 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:41fa1281-9005-5d0c-b5b8-c4457cae982e", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abef40c8-bddf-5c67-9d0f-4d6750f9755e", "id": "CVE-2023-28708", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-28708 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0aba3ed-69d9-5f78-a077-3ce6e2e17be5", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b23fff78-465c-53f9-9a1d-cb3c662f4248", "id": "CVE-2023-42795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-42795 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4023d943-5e8d-53e0-ad22-05b0bf5584f7", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1e739a79-c9c0-5beb-b075-1e2032c13322", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a7a2823-66a5-5161-ab20-16ef394280da", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e798170-4f79-5adc-b0a6-b188e4155d95", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b1d9bef1-38c8-5875-9803-98a2e8968e00", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fbf427e7-c02d-5b75-a655-9a7c4a29db50", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16a54c43-ede5-5b25-b688-0de8fbb104e1", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e485bfb0-c0b0-552c-936d-90502a4b6a9c", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eab8823d-1082-5c8c-974a-53f2a766f3bc", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce5a63b4-1008-5f51-bf24-a77cae071a2f", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:73669676-33ff-5b5d-bbeb-0eb058b9801a", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:09d1cfc7-0455-5576-adb0-9d7580602454", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d2311fd-ae16-5fe8-84a8-fe1c559b80cd", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:71e22636-6be0-5a90-87dc-7163ad9df6e2", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:39ffa7a2-000b-5219-9a3e-88082a482b25", "id": "CVE-2025-46701", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46701 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ee25feb-1a9d-5991-9659-38e780f05b8c", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4b2b826-ceeb-5bf3-9e18-63d503a68c48", "id": "CVE-2025-48989", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48989 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8769c004-3833-5059-8859-ce8e7c380e2f", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f73b937b-c231-50a1-87eb-46a93207f663", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5ef639d-5714-56cd-87d0-9d102e70c4a1", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:227ebe6b-cfde-5562-a128-caa5314c16b2", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ca13158-51ab-502e-859a-03d038dc0c44", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ccb98b0-5f8d-5d04-90e1-3d558ec9c85a", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:686704b9-5b92-5136-8cf0-54c3334a2fec", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:914dc1ba-164b-5d3b-8a92-92cb9897074d", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d4bd327-5b9d-5009-bd89-cfc82b0b3020", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5cb770d1-5af3-5e8d-9ca0-1a1ded9cc74c", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:60c84daf-de5b-5000-805f-6b2e3fceb897", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:91929fab-bdea-5c4a-870d-43bc0c07a773", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6db3fa82-a7a7-51bc-9b2c-4f14e4a1eb95", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c573634-4161-593d-908f-df53f195d9bb", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f0cec69-5a92-5e3e-b1ef-8a851d639e0b", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:901e62ba-3b32-55cf-8239-fda7fe8b49de", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:07297084-080b-5098-87d0-afd4b8dcbe04", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.50-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.3" } ] }