{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:893a7d80-6e0c-5cb0-ac9e-79fe71b420e5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.2", "type": "library", "group": "org.apache.poi", "name": "poi-ooxml", "version": "3.10-FINAL-tuxcare.2", "purl": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:828de0ea-828c-5340-9f77-d18fcccb619f", "id": "CVE-2014-3529", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3529 is fixed in version 3.10-FINAL-tuxcare.2 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d19d4650-f395-5555-98e4-8f640cf15067", "id": "CVE-2014-3574", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3574 is fixed in version 3.10-FINAL-tuxcare.2 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6644d438-eee8-54f0-99a2-e3e9fdc1c8ea", "id": "CVE-2014-9527", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-9527 is fixed in version 3.10-FINAL-tuxcare.2 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d87c3845-f1d0-5995-a989-e02e9ee35a38", "id": "CVE-2016-5000", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5000 affects version 3.10-FINAL-tuxcare.2 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee528c96-8169-5604-a31a-03622bd192bd", "id": "CVE-2017-12626", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-12626 affects version 3.10-FINAL-tuxcare.2 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c75d151b-1181-50ac-8ce0-522cfbb12537", "id": "CVE-2017-5644", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5644 affects version 3.10-FINAL-tuxcare.2 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29f92c61-19b0-5dfa-b167-9c3b6024dc65", "id": "CVE-2019-12415", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-12415 affects version 3.10-FINAL-tuxcare.2 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba101dd8-eb92-5ee6-8e9e-45972bb6ce08", "id": "CVE-2022-26336", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-26336 is fixed in version 3.10-FINAL-tuxcare.2 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f5709f6-6ae4-5e90-89c6-1f598160843b", "id": "CVE-2025-31672", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31672 is fixed in version 3.10-FINAL-tuxcare.2 of org.apache.poi:poi-ooxml." }, "affects": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.poi/poi-ooxml@3.10-FINAL-tuxcare.2" } ] }