{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9f99fbd4-844f-536b-8053-52dcedbde91e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.75-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ef3bb1bf-cd48-5b68-b546-800ba06d3ba2", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2ba5b6f9-3315-50d6-b254-a72a6ec5a01d", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:47197068-bc67-56ee-8ee0-087d92929e2f", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de20bd86-925b-53df-827f-32745567e264", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:248407d6-1fe7-5507-84d1-82ef51358c08", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:745edd1a-1e18-57e3-b2fa-65635685e098", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ee658d64-54eb-5382-8f3e-3c3043b04f3e", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:226d3983-f259-57cc-b0bc-3b5279da4dfc", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1d144c5-bd8c-5215-b76b-4c9cc96f187e", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:237a45c6-bd8d-50c6-a216-533a7f3d5895", "id": "CVE-2023-42794", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-42794 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f148b15-6a27-5289-a941-cb824827979e", "id": "CVE-2023-42795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-42795 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d08de2a-ef8f-5d88-ba95-66db98d39030", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:13959080-4674-5b15-8f80-bd636eb17017", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d07e5962-d341-57c0-a948-ddd99020bd18", "id": "CVE-2023-46589", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-46589 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c4e330b6-9f1a-58b5-ae84-1dbbedc31fe8", "id": "CVE-2024-23672", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23672 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e6cf062-286a-5c83-afb3-b9e7e35ebb47", "id": "CVE-2024-24549", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-24549 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d2d31d6c-1a1f-51e0-8abf-339ca72c69bb", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b62ac6ca-4cc1-5afa-8131-5f639c8474a4", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:84159d7e-4b1c-57ef-8478-3e5f95ff6460", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8b760bd6-c2c0-55e5-a0da-6e24c560f574", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:42b71824-3a58-51ec-9585-86148d3a6174", "id": "CVE-2024-54677", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-54677 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:33b2f650-8548-5be4-a4d1-738493d13382", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:409a787e-e8b5-5c1a-a028-34f474479712", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f32afe97-0002-584f-af9e-493cd60cc04c", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f942b46f-a406-5293-a570-de1c715468ff", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:630fe398-7eae-5075-a4a4-58020a7aa3b1", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2511c30f-60eb-5d9a-8150-2a270f0d3b93", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0854ff00-7bf2-5787-9271-69adf2f5d7c4", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f80df2e3-5fda-5a81-9c07-b2422e5d3cb9", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:51456b47-3be9-5e5f-bb6c-f9c3216e0665", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:daebf160-0096-5065-b81e-538746b2e7f4", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:92b9422d-9cc5-58af-ac41-5d09ba8d59f1", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2bc6c153-c950-5d2e-998b-27f580beb867", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6aaaf854-ec4d-5b47-a170-5b4e08796483", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ece0b811-11a5-5b53-b2ee-1a6dde3a8c94", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8df18e3-a3f2-5959-b6e1-309dc4d1103c", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c625559b-41fd-5567-b6ed-9d37841de259", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf809364-9916-5d7c-8ace-e54aeff4fdc0", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:71496622-b250-5748-93ac-9a51f4361dc5", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4416aa6e-0d1e-5d89-b27a-0fadb4d5d7b4", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2089b514-443b-5075-bb0e-0da32c4d6ac2", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:93e21fa2-9c53-5a40-be39-090222d67d86", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f97b1c5-aeec-52e8-a21f-fc820b2b3d30", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1956d36c-2042-5966-9086-85f775b2a827", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:593fa2f0-21b9-5828-9f5c-6b82e9162e01", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.75-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.4" } ] }