{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6e32d6a7-986e-5eba-a12c-361541456481", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.90-tuxcare.6", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:de8c5fe0-8b85-5db7-b966-985d4e774134", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fb953a9e-9a0e-57b8-b374-f4947a410b06", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b980c6fe-d2da-5491-ade6-af3c9d452942", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e9e27ac6-5975-5561-bd35-5671d0dd677b", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d8767fe3-f166-544c-a3e2-459b9045c8bb", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5fdd698f-c558-517e-81f6-cfe19398a60f", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8ef37f4a-4146-5638-9ee3-4ce59f6ede7e", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8b0d2206-c8d3-5083-bf12-bd1e43b92ea4", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:18f84a05-a892-5107-bbc3-21228e6b9623", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2f8c4589-3d96-5d84-b487-e268d96e64ee", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9620d4ca-d8d2-5b3f-acb7-14d67851740a", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c005d4bf-36b8-5d37-8f59-26652093b765", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:15234871-7211-5df5-a08a-ea8e8098cc2e", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bacd0f89-2677-5222-b988-a8f8aec9ea63", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f0a347c7-8e3e-58a1-a509-54e41badb193", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:26692abf-a113-5986-93d9-4802b8e7bc1b", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4a2be0cf-3aa7-5aa0-988c-248095ec1272", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:83a21b37-95ed-5d0f-91b0-7b6ad6961afa", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a850557f-e5d3-508f-b7f5-375c9e0375b7", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ddeaf168-6d2e-5c0c-bb0b-bd0b32fad7eb", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6b44d001-dcbd-5600-886e-20289c65d126", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d23aeb96-8b0d-581c-8339-24b27865a395", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:08b0dcdc-5d92-5865-b6a4-5aff1c2212cf", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:65715325-7917-54a7-aee4-65139b456242", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6f1f6854-87d5-5830-a318-ed08fb1b4645", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a4429a5a-7df2-5817-9dfb-ab7968c1dff9", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7281f781-00a7-55e7-bf9f-8f38177cb771", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c5e9ec2f-f6f5-57e3-a58a-0d7ac1071e55", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f7a354cf-ba4e-5701-8739-2daa8ba25f90", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:23e55927-2674-51fd-937d-2f035bcb769e", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3bdf8d2e-fd9d-5207-9b6e-af2486cbbb0b", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2dda66c6-9880-5b5f-94e1-83dc7bd40ed9", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bbe17ea1-f042-56ef-b75c-7a42d29de594", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3dc2ce5a-34b8-5c0b-b2fa-6c67a1356fc3", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:58fc2cdc-b949-56b1-899a-688e8dd5905e", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:75eb3434-1ad4-5e54-a426-3b9ee2c73eeb", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f1fa4abb-ea5a-5482-94f0-7f89fd771f0f", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9897f576-59f1-5f6d-91a5-65de81fb013b", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0be24afa-a36c-5bdd-85b4-c379537487c9", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.90-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.6" } ] }