{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:474773eb-3da8-5423-8739-ba45f857f024", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-annotations-api", "version": "9.0.90-tuxcare.8", "purl": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9bd738ca-7699-576d-b7d2-52505cc71940", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b6ad67d0-48c7-5407-bce2-7b88c5f1d537", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:eec04d76-7d50-5c1c-9ac5-09afca5e29cf", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:3d99e9bb-838e-54da-875e-50b8e8a81c88", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:dafc5955-1c71-5a95-b61d-c2b319e9a91c", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:c5f83e06-877f-51ae-be61-0ab7cf45c886", "id": "CVE-2021-42340", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2021-42340 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api. Patches already applied: 31d62426645824bdfe076a0c0eafa904d90b4fb9 (already in target via 80f1438ec4 'Close WebConnection', a37a6d312c 'Fix BZ 68884 - improve handling of large scale WebSocket disconnects')" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:73f8fe7a-b031-5a5c-9d9d-69f96ad0fc79", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:90294f6f-8f70-5d83-b081-4cc9d6b5f2fe", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b5484ad0-5230-510a-b559-6a5375c86b2a", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:edc26691-1220-55ac-a59b-7fb9fd1551c9", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:717f39c2-805f-52cc-a1d6-5aae945fbb6e", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:bf7e731e-d349-5be9-8cf6-3c29d54630d3", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:1365aa17-c7f4-54b4-a836-998cb5b26b44", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:1484aed9-4496-5fca-897e-2545db5f8944", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:6d116647-f95d-5a1c-888f-8eba3e29a30c", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f37ad03b-851f-54e3-b939-88c6f9502192", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e63b18bb-5262-52f3-bec3-0b90f4f6ddb3", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:0d21d60c-e3bf-5b03-9d72-c0f55d4cc4b2", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:9688e9e9-4b1f-5a8e-8210-6f625527eba7", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f66f60d2-19ea-5aca-9eac-2b146848b08e", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ddbe4223-a406-529c-a089-09774bb91819", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:7a8cd2fe-2839-5288-9534-231cc1cde149", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b8bc63f8-1513-5dcb-aa6e-96afc0497a13", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:fcc6b3eb-30fe-5e98-bfde-8445cc611926", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:51fcff2c-5deb-5209-a083-93c89d2900c2", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:96ec67e5-99b1-5ada-a741-6b1bcd169784", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:12eb5627-cf0d-5f4c-b270-c1b84c0da87a", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:3fa6f18e-7051-5f3c-8766-e270f858992a", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:23e55399-7374-5b19-b220-86b2d70edda6", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:291fee65-15c6-5111-a033-dadcfedaf9d2", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:065d2912-228c-51cc-811c-0062e3fc1011", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:acb70cdd-a9a0-5b6a-83a3-2ee468300a4e", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e5af825b-4293-5a19-9582-59aca1840f7a", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d3adaf0f-db0f-504f-bc58-c5852813fbc9", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:558b6252-623d-5536-b586-ef5515a33c4a", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:73e07758-ac2c-5da8-9a05-68f4cc483520", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:69e104bd-bb0b-5d09-9136-cbb91055620a", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d25a14cd-2cf3-5206-b818-52992009aa0d", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f891f015-a8af-53a9-80f5-0421abbe46c0", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b8a9cdaf-e4ba-5872-937e-8da99f07123a", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:927b1c9d-e79f-54fd-bfca-cea42ccf714c", "id": "CVE-2026-41284", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41284 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:4149809b-de5c-5991-b848-06bee34ec315", "id": "CVE-2026-41293", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41293 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:70c6ef46-8f83-533c-af78-fe22ed007325", "id": "CVE-2026-42498", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42498 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e3e1e21e-4fe4-5ec2-b2d6-65849d471aec", "id": "CVE-2026-43512", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43512 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:fcfabf6b-21eb-5050-b882-59ac0e50b07d", "id": "CVE-2026-43513", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43513 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:797d26be-e455-5103-ac37-4d9ba944d593", "id": "CVE-2026-43514", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43514 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:45e0ad23-4de2-5a02-9e20-236372f52f60", "id": "CVE-2026-43515", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43515 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-annotations-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.90-tuxcare.8" } ] }