{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a902ad5b-ea29-5805-9c9c-028913effbc3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.87-tuxcare.5", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ec3d9500-d6bb-53b6-8d77-29d78d3da8f7", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:31dfdcce-8693-53d2-afbc-3d612e74a7db", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:edecfc66-e24d-51ac-98b6-f5c79bb16fd2", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3c2b069e-82f0-5510-953f-0fba0bed2c32", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:108b79ac-6e72-536c-ac5b-7c3ae754e5fd", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:24ff3acf-fa46-53cc-a0c7-e3ecaa7af45a", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ed109868-899c-5852-a680-a83398344281", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7c8538f9-14c5-5455-8861-e9c79d77e153", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4746d30f-b0f6-5ed7-901d-4b739250a1fb", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6db34023-7ca4-58a4-ab0a-740e2ee94cbb", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:39cba7d1-bdf1-5276-b3c5-8b65463e5eac", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8fd64075-5b9b-51ab-962f-a9bf436333d0", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d9aa2b2f-dddf-5a9e-94f2-e2d6ee93341d", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:967033e1-a08d-5e2f-841a-d32e30ee7366", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a5a22f88-f478-5487-b74b-aeba0af1f8a9", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:88553cfc-fbce-5e76-90bf-8ebd6f5eab8a", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d2466019-9255-5c18-a1ee-382edbc3f49f", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1bc6860f-2f84-5402-bd40-340402635b5d", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f580befb-ac8c-58aa-9d18-7066597840b2", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:12147dc7-d89c-536e-99c7-2f494ec9dac3", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ec517d7c-2f89-5114-84ec-2cc707e86e83", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ddaf0442-e928-5789-a7c1-f513d0297ddd", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9375553d-598e-561c-97ae-493f8b4da1b0", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e7e765b7-b58d-548d-92d8-990250b162de", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9a0738a2-e9ae-523f-abbf-d562442ef0a2", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b0c349af-a04e-5eec-af67-04ca7a335d6a", "id": "CVE-2025-52520", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52520 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c271b152-e8d4-5610-9f4e-0eee101da933", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dcdf4638-9bc1-5f8f-b611-37ad288bb1f8", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e04cf6b8-15ff-530c-979c-77fd0d2fd5ad", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e19c67ed-8ccb-5821-940a-fa3129443b8b", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:14686dd3-5b7c-5c4a-990c-fe689638d5c0", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bb6e40b6-21a3-57ed-a8a6-a4725a841f37", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:66bdc4ff-6272-5ef9-a6f1-c7fdec88ab6f", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:595cb536-11af-5fc2-a032-76a1db572616", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:80ddd153-761e-56b5-80cd-f52e780a21dd", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c40dab9d-9767-5d1b-8ca0-520471a8cb51", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b753523e-9cd0-5999-af85-62fc79fb268b", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f1a507e1-4e7e-5bcd-b330-961fcf9ee3bf", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fc0686be-9012-5933-a778-a237ce44ab68", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3703df49-50ec-5203-8fbb-171df582bc0b", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:00d85f0b-76c8-5065-862d-a27e6862e083", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.87-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.5" } ] }