{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:23abc680-b353-5f2c-b63f-dc0b26c7491b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.75-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:58b1a3eb-6483-5b08-ab00-fb783eb41823", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:185b06ef-149a-56c0-957d-2890c8ebbccf", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6cde0dcd-5056-56b7-89b5-764d6c0a233b", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6034c4a-2ca1-5ce2-81d8-6634869290a8", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9403d3e-7526-50c4-95fa-fd6785c73a6d", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6183692-938b-52db-826b-ca9b369a4d54", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b419a85-fa98-5454-823e-66093bf0946c", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfc2a36e-168a-5859-a720-a6364315aa5a", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20f730a4-7af0-5960-b93d-5a72a3c63f02", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f338ec35-36ac-548e-bc8c-33ef9d2824ba", "id": "CVE-2023-42794", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-42794 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4cf094b7-872c-599c-8bd9-46fcc9a5097b", "id": "CVE-2023-42795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-42795 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40f94dfb-9b08-5929-9f28-b526b36720b6", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb5448c1-9dc9-5107-a5dd-41d264a26e31", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc391563-f3e5-540e-8a4e-1557dc8071c1", "id": "CVE-2023-46589", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-46589 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fce73114-de1e-5405-b6f7-602856438030", "id": "CVE-2024-23672", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23672 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:560f6e13-2b80-5142-8a71-e8cee29b3759", "id": "CVE-2024-24549", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-24549 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1377ddf9-3f24-5b90-b2e1-47035f32dcfa", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0050cbb-e5a6-5a3c-b750-16603c9be8b7", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa92e061-6d5c-5748-b749-96a51544880f", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6af4c453-365f-52eb-abbc-8f404c9e5d44", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3277cb46-3d4c-5d6e-9b42-926cbe7a7815", "id": "CVE-2024-54677", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-54677 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82074424-ae85-5b20-8581-1bd1e5be5c09", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f29b4501-8543-5675-94f0-b86db06adff7", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77104b15-7967-59d3-9774-f7c556f2835a", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d66992f3-4602-5b4e-adc1-5ee25080165e", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9a9b1fc-18c9-5f0a-8761-d3fdd40c3ada", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66c2223e-bfab-5529-812e-03efbe1f42ea", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ef4076d-5cdf-5e74-8744-3bad54953b39", "id": "CVE-2025-48989", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48989 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60e6c203-292c-5a62-ba84-a297df8aeff5", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eeecc161-2957-5ec7-9656-147bf4925f35", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7664e7c-35e6-5ab7-80fc-a16bc688d09d", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7eebed0a-bbfa-5499-9d0a-90cb47d1ba79", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c206631-00a3-5921-a06a-193dda104c67", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01e3c1ab-5848-5951-9d85-9dd6cc1b4a9f", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e347698a-8d8f-5246-b8f0-4d7956778a63", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:410f4347-117f-5cbf-a6ec-d5fda3eaae6b", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e885b852-f973-5007-ad5a-e7fea7f8308e", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3b84624-1a4d-5f85-b951-d55122ae8583", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63490b8c-7b05-565c-9d5e-4ff49338b6d6", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0bc2c76-902b-54af-ae27-36bc74b644c9", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6089b64a-8bbe-5451-9ea4-9fbe29778292", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df015223-35f1-50cf-b4f8-0245d8862f0e", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:375c55f9-b39c-5bc9-b444-2de495d55e01", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce893fd7-f71b-5721-b479-291b412f1c9b", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a777327-36a5-5a53-ad26-401d26fcbbdb", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.75-tuxcare.2 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.2" } ] }