{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4421b681-a2d4-53ab-917f-83dd3adbc2bf", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.1", "type": "library", "group": "org.apache.poi", "name": "poi-ooxml", "version": "3.10-FINAL-tuxcare.1", "purl": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f96bcba1-2637-58c4-a8a8-98bf52ae2dbc", "id": "CVE-2014-3529", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3529 is fixed in version 3.10-FINAL-tuxcare.1 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a24fb1af-5146-5917-b9f6-b3c9d96ece59", "id": "CVE-2014-3574", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3574 is fixed in version 3.10-FINAL-tuxcare.1 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64713081-160f-5321-95ee-1c8cde891ed4", "id": "CVE-2014-9527", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-9527 is fixed in version 3.10-FINAL-tuxcare.1 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1802deb7-e744-539c-9250-38161c6e270a", "id": "CVE-2016-5000", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5000 affects version 3.10-FINAL-tuxcare.1 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:551bb617-5687-5a46-8ccc-d617fa9bddce", "id": "CVE-2017-12626", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-12626 affects version 3.10-FINAL-tuxcare.1 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:897f00bc-ba0b-541d-98e7-13fc0bb84811", "id": "CVE-2017-5644", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5644 affects version 3.10-FINAL-tuxcare.1 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee655f81-6bec-518a-9bb8-69bd099b8361", "id": "CVE-2019-12415", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-12415 affects version 3.10-FINAL-tuxcare.1 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e444fc7c-183d-571c-9dec-3824bff015a4", "id": "CVE-2022-26336", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-26336 is fixed in version 3.10-FINAL-tuxcare.1 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cbdf0296-db70-582a-a196-e26e50ef84ff", "id": "CVE-2025-31672", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31672 is fixed in version 3.10-FINAL-tuxcare.1 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.1" } ] }