{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c4b7157c-6797-585d-b64c-53fccd92976c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.50-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:866068d2-9fc6-5a00-b797-894eedd0f37b", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:926aaa60-af19-5123-89b0-742e6fcc957d", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4e94dee3-b75a-5785-9f77-fa131701cae0", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:77cbac01-0196-58a4-b91f-350534def338", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f10e03ec-b36b-55e2-b0a7-d7a9e4cf3248", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:608c7484-bf3a-5997-96f6-edcea7890894", "id": "CVE-2021-42340", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-42340 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cdab6538-0ad0-5129-b83c-f1fe9844ce3b", "id": "CVE-2021-43980", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43980 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b2d31260-b384-590a-ad51-216ac8927bf7", "id": "CVE-2022-23181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-23181 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f07d0c6d-3b20-526e-b498-795ea0e9421d", "id": "CVE-2022-29885", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-29885 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f2756f43-256f-5aee-9431-8ee3b8243452", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:36bb05ea-1592-5fef-acef-7bb5d64d8152", "id": "CVE-2022-42252", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-42252 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0267bfaf-cf2e-509b-80d7-64a45e1317e8", "id": "CVE-2022-45143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-45143 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:be2112b4-091d-50bf-a512-8079605b068f", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:991ff2e2-8169-51f2-8f80-416bdcf0efb6", "id": "CVE-2023-28708", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-28708 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d9d59897-6ff1-5373-902f-ee029e8d7cca", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3b9dbfea-e72d-5996-9009-9133ff069dbb", "id": "CVE-2023-42795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-42795 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b609c9f3-641c-5df8-84be-68c00fd02ee6", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5af2c2f3-8791-5722-b7e0-ae5dfe7a4b35", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:777738fb-1f8d-57d1-9612-03fed47d1720", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b073e7db-03be-5ef5-9111-79ed2fab5362", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2c442f40-335f-535f-8a5d-16bdc7e35733", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0f8f5262-c94f-576c-acb2-3039c5ed7b21", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:680afbb2-0463-501a-9a33-617d51f45313", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78f6c1a0-ea10-527a-88ac-9050cf44db89", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:33b5115b-e646-5911-a91e-33384de77860", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ef04e84a-b9bd-5934-9d51-64751443f0ed", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ab15c427-c373-5a71-9ce9-2add8932b881", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32a54b6b-50d9-5f7b-a163-17835dbc1e4f", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f701b95a-d4dc-5b2e-bf5e-ad416257c976", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16a40ac7-178c-57c7-a49f-1f9f67671df3", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ea91466e-9b89-5a3e-83f9-1739ea4d4a49", "id": "CVE-2025-46701", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46701 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de16798e-f748-5c05-a2df-56a8dade92b1", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b9b4663b-baae-5f9f-9771-826b377edd50", "id": "CVE-2025-48989", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48989 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:35d07d28-7505-500f-ab14-4d71ea5c4130", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d5c632a-2e36-5a18-830f-9a410081a509", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:832f4c8b-174c-5023-9865-953cb65c4679", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:45f3b742-04e0-5866-becb-7afc78759868", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d95d1ce-1fda-5e05-9b88-06290c4c53a1", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:55fd41f8-0dac-5097-8e44-f126bc30b30d", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:627d4799-f127-5e5d-a156-5c9a8c86e78f", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d0fba813-0c8d-5fca-bfb2-5c001d608b70", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3a3e4333-b059-5b96-8f47-b892123534c8", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:49df350a-ae65-58f4-81f7-3e0dbe643646", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:be6c1d05-2656-5b9b-9bac-202fe59577e8", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6ead5a7e-c5af-513e-8f6b-6f12baa91379", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2734f009-7c26-5c4b-b071-a2a66a5e359a", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5a8974db-ecb2-5bae-b651-0a5d5c67dc5a", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5d128d7-9379-56c1-927c-d2551b39c9f3", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3621b098-2df5-5b4b-b976-5afb4f3643f9", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:464b0b6b-ebdd-585d-91b6-608aaa1dc9a0", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.50-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.50-tuxcare.4" } ] }