{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e3e4edd-6d4c-5535-b8fb-c0f73c99b2c9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.87-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c0cbff55-ec0d-5590-9a29-fed771dad0fc", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:10d31912-aff1-528e-9889-5e62f8df70f1", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:565e23f8-0a44-5cd8-844d-8ba97f41f0c3", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:512519c1-3671-5337-9e8e-3d5b904368d7", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9b3bf1d-a6aa-5c45-825d-53bd3ef4b51f", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:789e4bfd-5fc9-5971-9f5e-cbdb6b8c3572", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b7113d5e-90d9-53bd-a2e0-dac0961a6525", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b3b9e15a-989e-5ba3-bd6f-1b893f4f6e80", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12c73323-20c8-57e6-90be-5d46e6faa08e", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95f8d22e-7ace-5b14-9594-38f38eb7b84f", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d734760-338d-51a4-aff1-d0db5177d2c7", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3243b96a-9e7b-5cff-8939-8d8f9371d0d2", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fde58a33-61a1-56fd-b421-cd2ec1117807", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0c68b7e6-dd07-57e4-a7b2-53938a2129d5", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed5b5f7a-d631-5764-8c1c-4b2088a2c29f", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef9f17f0-0273-537e-870e-162b53d32c56", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5844566d-7964-561c-a31f-c76b3d6e9609", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf3ada0e-992e-5c74-9a34-51c7d74d68b3", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8360277-9841-5c5b-bdff-96f2a889675d", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:39046e2a-4110-525f-a7d8-db1c9c15854f", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8790659e-ed16-579c-b773-d46e0c143a5c", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb34908a-48a2-5048-80c8-896245b7c457", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:75684e77-ddfa-55f5-acee-024b5e938070", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:578fe6e0-4dfd-575c-b61f-4ba8b9929754", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aceaea5b-d99f-583c-89b1-660fe0cb8fa9", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e097ecc-6220-5ed8-87a3-d94ff96fea20", "id": "CVE-2025-52520", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52520 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82a2027b-47a8-52a0-b045-60eeec2f2939", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08b4fd8b-9343-5461-9a95-531c575f09a8", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99bad9b8-d6cb-5ce8-87fe-c9b4b4f1edd1", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:684b5b7b-6aa7-5a1d-a883-c5bc8216e954", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5637ea5b-c283-5b0e-8091-5b742dfd409e", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe31f88b-39d8-58ad-84aa-b4fced5d5a23", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c6820746-4003-5dd0-beef-e12ab75d665f", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a231207-f25a-5d72-85f7-dfaab7e01a9f", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f08eb751-c513-5e7c-9ac1-2710e603e085", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79af7bb9-2b58-5b81-bce0-364ac8fe9480", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f92623ad-b625-5c33-9807-60061149b519", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb3fbe58-1b13-5e34-a87f-9ec3da176498", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:75b24500-f41c-518a-8871-855e4640e976", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f639889-908f-5871-a412-8430a4fe54e1", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0747d519-08b2-58df-af5a-b612035d0861", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.87-tuxcare.3 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.3" } ] }