{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9d11819b-a997-543d-8710-b3e15ede796c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.87-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5dfbd0ed-1f3e-5fc6-b47a-e8723133fb0c", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e538285f-e36f-5332-96ce-839ed54f205d", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c7f7208b-b418-5ce2-9656-6d20fb260408", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5476250d-bb40-5f55-991b-9b0a10efd9df", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dc73944a-59c6-5c38-9e74-03143a6d004c", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ccfb0e20-6a7e-55e9-9fef-6d09ed55ed9f", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f7883da-39fe-5fa1-8574-4e0d97b3bd3c", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0fdcd808-0743-56cf-8c67-edd38e63c43c", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d96f33a0-5922-5783-85f8-344f65183f65", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b99c6e14-6498-54bc-a10f-6d918171c1c2", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:73555dc0-aebc-5718-b248-9ca7df06b746", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fd9ffee5-9f2e-56fb-88fa-ccfa97a5513d", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb9ba54e-721e-5cad-9fb1-aa364c0c9660", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:17818035-775f-5918-9737-df624c59d53c", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2c6746f8-eacc-52de-80ad-13950d08f5cf", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:168209cc-417e-5c9c-ad8f-8f70dde33aa1", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:63819916-1c72-5c7f-bd15-005704ada659", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4123f1bc-0c5f-56ef-9148-0373ba56a6b3", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:559e9409-43d1-5f94-a67f-3bfd45d36953", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e56eedd-e61e-5061-9a95-a891d49ff887", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9f081227-437d-55b5-af07-42676b32e607", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6e4cd820-d0f5-5a2e-ae9a-811775587e5c", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b189949-1671-5058-9303-857e1b7d09ff", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:11082b91-6287-5b5d-94eb-d3dd1d4d375d", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:222ee270-d6c2-59e2-8816-e5ac6b9c6ebe", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:67d4f04c-e948-5323-ae3e-917187a6626d", "id": "CVE-2025-52520", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52520 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78cc1305-b0c0-563e-b230-856292c8dd23", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:10140e94-3eea-572c-a919-072d7f8c8d73", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ef01b47a-e5ed-539a-8614-7986ad2da04b", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0b6e0585-3ab3-5ec5-88be-4a954d1834ad", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a0b9fbf0-a2b3-50a0-8ac6-d17fa9beb0b9", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df30373a-ed7e-521c-aced-f8c27aec4c93", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9e937c54-e85e-50c1-86c0-a004356cc2e1", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:90146c26-2e94-598e-a4d3-6fc8c9729aa1", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f6683887-e2e7-5b2c-b642-b66ce21aba76", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:41a786da-8a92-505b-a129-9354b12f2305", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ed2ee89-63e6-5e34-a772-62a9b59c1c46", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:745b29df-5234-5455-a651-50f49f99d3b5", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:759ad9c4-edf7-571a-b29f-b58f1c3c1506", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e27b5d9b-a9e3-5897-ac13-6467d2f7468a", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a034b958-3bc1-53d9-bb91-7ebe47254abf", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.87-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.4" } ] }