{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5b334ffd-5507-5dff-8863-8ff0da4b0d74", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.90-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:81cf08a6-6437-5605-9aab-e5810447bfd4", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:945e88f6-3f48-5518-b184-4bcdda577a4f", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:15aedba0-faff-5627-a9ec-5bfd13f8261c", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ebd191d5-de0c-58a0-a486-79d18ebc45ac", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4f1f94fb-cd94-5954-a6b8-9eb14e9cd657", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e0800853-530d-5bc4-b28c-8ec169038579", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9b378a45-dfef-5424-bb4c-8d9aa4c52599", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ef7a91f-3525-5ca6-afa7-229d07239efd", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a78d585c-98c1-5edc-bde8-fa502fbce9ae", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1bcc83c3-4aa5-5cf1-9b58-45f5542ca528", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1d1f6928-a108-514e-8f25-a3b659569948", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:49af084b-b80e-58f6-9146-cf33463c6293", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de224c6f-328d-5ac9-9754-e9549c2ea9d9", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f1bbb27b-7fe7-5eb5-b7f6-4285233a9464", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7381b838-6a6b-554a-a857-fcabea75bded", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6010d9a4-87b7-5407-8705-804097de802f", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:47f6643f-fae7-5be0-a240-84b69726d836", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ea93b1f-d567-5a4b-82d8-fcc22f82f9d8", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8f86967-6cb7-58c6-990c-95faba86d3d2", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25ebed3e-fbfd-585f-bc35-d9ee80ea640e", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a76c638a-dc03-5bd8-810d-472ee8f21795", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:abb19637-6029-5df6-9485-61751a61a3c9", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3f0cca7c-0c5a-53c2-ab48-88ef9a9d77b0", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:86ec3ac8-0c73-5941-8171-ca0ff6b467e1", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:85b1ab42-dd03-51ac-ba28-80543e6e532c", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae60c504-1870-5460-b5c6-000c092a9662", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a4d4736-2f47-5b9c-a39f-919f0a851e2b", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39cdb4c1-e364-55d9-acca-36dea6ea5916", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f8add359-1efe-5b11-81e2-caea4bd46198", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3518f89e-771d-58ce-a42f-b31767119854", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f331e93-0b6c-54f6-881e-34f677b8c7c6", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9f44e16f-4003-52d3-94c5-10337ef5ea9e", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:73f9b11f-0e74-5b10-a60b-6554f21b7e82", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0208997a-2eb7-557b-9815-6891e3ede448", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:90711561-d651-5386-8aef-a8dea98c1b13", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78bdc2ea-dab7-5078-b4e3-1d41f32d4e32", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5f2454f9-efcd-57bf-a001-2a0b6832f3b8", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2a022470-8362-566f-8d17-c4df8898d286", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3ac7568a-59cb-5d59-bbb2-d606f5080ff3", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.4" } ] }