{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c2240132-60c7-51b6-b804-4c3623061c5b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.90-tuxcare.5", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:28148222-8a88-5a6b-bf20-350741ec311b", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7f516490-b6b1-59c7-bc50-5fa0e9da2299", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5b166511-df7c-51ae-9ea8-232b57de3d63", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:23542c88-447a-5d3e-ae7c-7fded2a927f1", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:adf5578c-61b7-5585-bed9-17d12837afd6", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3dceac36-6314-5896-ad97-4632e1e0f67b", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f6373cc4-a4c2-528c-a176-079b4b3c1ba6", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:68dfe20d-79f0-58ca-aa9a-792f789eb9bd", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:aa4095f4-ff3a-5437-adab-6f1c649c13a9", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b2528201-3bff-56d9-80e6-96d04d964f0e", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:edf1acb9-b30b-588b-b172-15b736590877", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e020fb6b-0ce6-5bf7-9f97-3a150ba409c9", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8fe4e0ae-abc4-503c-bd9e-8df69a35ce12", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f9ea0db9-769b-5a4c-8900-387f805db15f", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0b647167-b6d0-5a04-b72f-80754d609796", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7ee2283b-2bb9-5fa0-8f3b-27a80d8c01a4", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0d7906bb-12da-5140-9cbb-3944331f7c34", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d4a1795c-8d7d-51f1-969d-284f1cace671", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9abdef19-0557-5c0d-8254-20dba79dce87", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8aa88951-1ec7-526f-94e7-5d7b26affd33", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:64a0ec64-b96d-561f-a77d-7c762db58060", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8a822692-749d-54ba-8853-1105bec88c62", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4c088560-afc8-5c65-b017-9c2aeb6e8bfa", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9316dfac-9832-5efa-952f-26cca5db5a71", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0c80aefe-b7ca-5df0-8112-a9bac5dda367", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0d305034-502c-5213-8a34-055786f1e09e", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1105b459-69da-5d55-a056-1bc2b070c94c", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fb7b11be-aa7c-531a-ae63-4e5bbcdb615e", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:35462e5e-5e78-5244-8be2-1f3f65dfe5de", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6d190120-1631-52e3-a975-e90ab6dc9a85", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5c4c387b-5c1e-5644-af49-ce0f00653f57", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:31f8d186-f99f-5c8e-8275-c213866bdca2", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9b42fba1-861e-5836-a22a-e6140210eb90", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4ae9d044-9992-56b3-a82d-ff005f3c1e2a", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f57a9609-90b3-550f-a44e-e5ef1d9d7f7e", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a3b82982-6980-5d52-b3fa-39ac2169580c", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6cf49bee-a019-5a70-99c9-b139769cf65e", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cfbdfaa1-736a-5152-99bc-d848a6da5e36", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a809509b-1f71-5366-a2c6-643ffdc0abfe", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.5" } ] }