{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3183549b-2138-5d17-a2df-fb4c425736b8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-api", "version": "7.0.109-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:92b30cfb-ce3d-5699-ab41-a68b247855c0", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c029329-0351-5698-a454-4b712dc4ce1b", "id": "CVE-2015-5174", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5174 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eacca7c8-36bd-5010-a158-88bc47114c93", "id": "CVE-2015-5346", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5346 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf1668cf-8782-5cee-875f-7ed73ba19e50", "id": "CVE-2016-0706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0706 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9b169fc-51a1-5b47-bfb0-5d27f16ecaa6", "id": "CVE-2016-0762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0762 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2384733-9f35-5a95-b37b-4c8dc8aa4730", "id": "CVE-2016-0763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0763 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac08a90c-3097-51a4-a9dc-3f1c84d6f76d", "id": "CVE-2016-5018", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5018 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c514d16-d965-50b5-a252-d928d9fcab61", "id": "CVE-2016-6794", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6794 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:966068c4-a474-526b-ba74-61615a9e074d", "id": "CVE-2016-6796", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6796 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d11b85a7-8a2b-5e7c-995e-414b43123de5", "id": "CVE-2016-6797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6797 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b6c7925-642e-5c5d-96c5-45c1c107b600", "id": "CVE-2016-6816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6816 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80ad382a-3c87-5da2-9c80-13ef0030e7bd", "id": "CVE-2016-6817", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6817 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14d3886b-78b2-5c00-a030-5f2cac261eba", "id": "CVE-2016-8745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8745 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd5a52db-c0af-5062-8037-93146924158b", "id": "CVE-2016-8747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8747 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e7fbfa2-f03c-5d57-b53a-64ecc2f0fd6f", "id": "CVE-2017-12617", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-12617 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5018036-346b-56ad-8082-f83d8e644dde", "id": "CVE-2017-5647", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5647 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7191b2a-4afa-5c9c-97ed-d128dd836314", "id": "CVE-2017-5648", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5648 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4094d21-61e2-5b78-bdac-ee6f8239bf9f", "id": "CVE-2017-5650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad7708fa-8af9-5c98-92fa-74f0107097db", "id": "CVE-2017-5651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8eaa9e4-54f1-51fc-afcd-cce3c0819bd8", "id": "CVE-2017-5664", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5664 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a274fe03-58fd-56cf-82a4-d1b99be8b44e", "id": "CVE-2017-7674", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7674 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab33931d-68e1-5e06-8b94-d7b475058755", "id": "CVE-2017-7675", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7675 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:410421d5-00b8-556f-b3dc-2cdaf7afe55c", "id": "CVE-2018-1304", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1304 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c20c2920-e805-5862-a520-81444aa9c97d", "id": "CVE-2018-1305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83dc639a-6a71-5f4e-8a19-e90b2f2b2664", "id": "CVE-2018-1336", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1336 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a6d16b5-9e54-54f8-a105-0796c0ff7714", "id": "CVE-2018-8014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8014 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3fe1e6b2-4602-5e42-a7ba-ae483a475bb3", "id": "CVE-2018-8034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8034 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7d0f6ca-0e6a-56db-8f61-aca53df9c8e5", "id": "CVE-2019-12418", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-12418 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:061075c2-d8fc-5b8e-b24b-fedfbfc6209f", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6316c358-9118-5749-a2b0-136d7784f1d7", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a4c7927-de61-51bc-b5a8-3bc03adf00cc", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce00ccbf-e324-5303-871a-9bbc7bb207dc", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17616705-c9e0-56bf-b25a-1c6fc90cd62d", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94d6672f-4dda-54b4-8458-b8343488a495", "id": "CVE-2021-30639", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-30639 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc64345c-78f6-5eba-8217-0edac9a6ea13", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:330497e3-6deb-5c66-8e8c-c1c86e72b96f", "id": "CVE-2022-23181", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23181 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ab2278b-927d-551b-b467-71c306601339", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e63e5347-f816-5856-977c-4851b3c61182", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2d0335d-5f69-5aa9-9764-05375ece7381", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d2ae54e-e979-58b4-994b-0db3863738b6", "id": "CVE-2024-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38286 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:599a1c03-1216-597a-ac49-f1e179bc1c87", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f3c416f1-0114-5e79-b93a-5168deb8c687", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:465a1bac-5a75-518f-ad71-38ef52d80b5e", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de5905da-1b36-5fe3-923e-7e0fc1e9eb46", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:350590bf-a49a-5312-bfdc-9ee55a946929", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3fa78946-641e-5e8e-8a0e-8cd217715473", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67f9747c-17ef-57ac-a91b-83ab78c37f51", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8652294b-932c-5098-8491-96de46492676", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdd69eba-88f3-51c0-9f58-467a48440122", "id": "CVE-2026-29145", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-29145 does not affect version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api. The official CVE record (https://www.cve.org/CVERecord?id=CVE-2026-29145) limits the affected versions to Apache Tomcat 9.0.13\u20139.0.115, 10.1.0-M7\u201310.1.52, and 11.0.0-M1\u201311.0.18. Version 7.0.109 is not within any of these ranges" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f17c4a4e-b9eb-5d05-ad88-f7d2427a25f4", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ae93630-c7d6-5297-9eca-0e9edd5977cc", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.109-tuxcare.1" } ] }