{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fb23911d-3cbb-5356-9263-a0a0d5954659", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.75-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e2638f2a-0edb-5a32-8aec-c6c415ac81fb", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3611328-91df-5718-9231-5c9d6e6fa847", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9bc5e92-5cb8-541d-98ef-8419c254933d", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:799896b2-84ae-55b7-8fe0-27f4b6c8f995", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b66fc367-c84e-56ad-aeb0-e55310ac6497", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:36e63197-df70-5fb3-a687-0a139a2d72cb", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f1484bf4-893e-5ab4-b0af-12db976a1403", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:540c0440-5985-58f4-8db0-6e0bfaf30ffc", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15d1e701-a098-5888-ae72-a68cd875cd9a", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffdf8647-1020-58ed-a2c0-5b32f6ec1eda", "id": "CVE-2023-42794", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-42794 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c24d300f-59d6-5219-a921-48f2d29aa0c7", "id": "CVE-2023-42795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-42795 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04348236-3340-547d-a0d8-d2b5448e1b20", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:532ecea5-6ca8-5a7e-85f7-0b67a6ff1362", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9d6d45d4-ae9f-5bab-87eb-b5b2fcd2c3f6", "id": "CVE-2023-46589", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-46589 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:676b1820-5cd8-5064-94a9-3b843abad676", "id": "CVE-2024-23672", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23672 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b3acaae5-6311-51dc-a272-a6a7e0dec6c4", "id": "CVE-2024-24549", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-24549 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:59a7e970-9b06-5594-8f7f-144f7b6c02c8", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99101660-a6c9-5a95-90cf-74574f3eab94", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d596c64-2bad-56ce-adb6-48c8a4deca95", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dbdb2191-0be5-590e-8197-a95ca6ce104b", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:11352676-6303-5a0d-93c7-cc610f1188d7", "id": "CVE-2024-54677", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-54677 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ffc6d0d-0253-504c-a11c-63ec8e968ff6", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55149c54-66e9-552b-826a-50f25f212c3f", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c8167aaf-a9a3-5005-9370-4876e0cf3ac8", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a326dfde-188e-5467-91ed-01904124ff63", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a9a98ff-31e0-5296-b561-89dc730596ed", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:865e54bf-9f58-5fdb-982c-1727d91bdf6b", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45a764f4-0b8a-5161-93b0-d2ed6c7e3a54", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80f353dc-f0e8-5e5e-8478-50c91769393a", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2bfeadd9-d54f-50bd-b099-cfb92c77c0e7", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81f57092-b368-51f6-8928-5aeb6c9a9113", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:249ba7f5-48fd-511d-bdfa-180a2b7960c8", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:88413148-418a-59c5-aad0-8731ede56394", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1050c9e4-0061-5822-a557-28f204d9e204", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f4cdb735-812a-563c-861e-dc9276ba6a4c", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:75ed8bfa-d12b-50ac-ba9e-d0df9acc55bf", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:14b0a159-0f28-5c27-b8e4-0ad38e77c2e5", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb4186fc-0f66-5148-90c9-13f3f2ab000b", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b23ee092-d2bf-5c46-8f75-1bcff9a73f47", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3aabff2-f6da-53cc-b289-6d98bb5600ef", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b411204-8360-5656-aa22-d615764a94d2", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12af74b8-7be1-5241-8dae-485127474c1f", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:627b1c44-f2fc-59b1-a926-e11ed6356eb9", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a8dc5ea-d08e-52a0-8e1b-9ac4b9ffb87a", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ce0b14f-1c10-58ed-8729-5ed619a2d67c", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.75-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.3" } ] }