{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1d3788a1-fcc3-5b5e-89d8-2c5dbc19876d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.87-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0205758a-4edf-5a86-b06d-e46cd946f978", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a660a878-0dba-52e9-9a08-a54a849c612d", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e477c727-dfc4-5ac6-ace8-7dbdbba72de5", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61c8e648-26ad-5c8e-963c-546a0aebab3a", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5fe2c2d3-2ebd-5674-b88f-752a0a35f87f", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81ca86a1-4a9f-53a0-b597-bb1515ea6a0a", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b24df8c-5ec8-5c9f-ae76-4a41f1b3004e", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e073be77-1fef-5443-8687-20af14a54aa5", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be1604d4-b4c6-5875-9380-dbd8d5c251b5", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b06258b5-7cea-5b72-9fcc-8cf97a7b338e", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7193ceea-7d0c-5c47-a7e1-7a606a7647a1", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89dd0f7d-76d7-5370-a08f-e125e1afa5c1", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f2c98fd-c9a8-57c8-b30e-256d7d5d9c5a", "id": "CVE-2024-50379", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-50379 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1614a3a0-57cc-5509-8ba3-7a3008e811bf", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d589a4e0-bf9b-58bb-b4e5-18fac6fa5581", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f005598c-1f46-552e-bf8c-fb3da497c9b8", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab9d82f4-0370-536c-822d-14219d56342b", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e79cbd1e-ef84-5a2e-95ce-248e02e1ef7b", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6af173c0-92eb-5f2b-8f64-6db51f5d72ea", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:197c824c-faec-5125-98a5-220fffaed132", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:095db3a9-a0bb-5980-99c8-83c89b182745", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1069ae9c-234c-5622-a1cd-0fc597cdae3d", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bfebb976-ab9b-50a1-9740-285d01d9c3fc", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4213adc1-338c-5104-b41f-39e8daf51da4", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6e0b6f3-7329-573a-8da7-0e33cb563371", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e9b7090-5485-5ad3-88c9-1832441b5181", "id": "CVE-2025-52520", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52520 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f8059e6-d234-510a-80e0-9dd81c77740f", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ff6a077-7f4e-5e04-9994-12c198718f8a", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58410e5c-0c62-5dca-ab8a-d777d849e215", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f2854d3-f401-59b6-b7f4-e34a122e21e6", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df660dfa-83b8-5e10-a740-4f71c4431bb4", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e40cda8-8ceb-5906-a4d6-a4a3e0e9ccea", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1092f86-b786-546a-a9d7-b2a25f9e5145", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ebe763e-ad74-567c-8629-d712561e0568", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:966ac186-6893-51e3-8248-4563d198529d", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7357fcab-108f-50ea-8600-1f4833ed44c3", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:102c019a-56a6-5a26-8284-17bddc2d44e1", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff12492e-6331-52fc-ab09-c84245acc27f", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:130e4e43-bd7f-588c-9b88-fa1f9418358d", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54e4dabe-4119-5d17-a580-eb9dbeee2c82", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9bbddc07-5c3f-5490-9969-5fd66cab0d41", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.87-tuxcare.1 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.1" } ] }