{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d2080be2-ec93-57bf-9fb3-a1d4d6378264", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-catalina-ha", "version": "9.0.90-tuxcare.8", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5cd3dd16-425d-591f-bb51-a2ce801bbf92", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:787785e3-e373-58d7-9407-03086e28652f", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:65a88713-cb19-5923-8c5e-094ae4510b28", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:7efb5127-6d81-5cd2-9ceb-33ec63a66947", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:6895d4e7-a88b-5493-9d1d-d22e669be422", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:146d4458-be62-5306-a7d2-56fe56c8b158", "id": "CVE-2021-42340", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2021-42340 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha. Patches already applied: 31d62426645824bdfe076a0c0eafa904d90b4fb9 (already in target via 80f1438ec4 'Close WebConnection', a37a6d312c 'Fix BZ 68884 - improve handling of large scale WebSocket disconnects')" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:6ae97f45-f5b4-59ae-ba05-747235cf4ad8", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d06044c7-b3b1-5b9b-87b2-5d36ce29dd6b", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:78d965f8-c3ad-52ac-9092-3f87dafaeec2", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:dde004e4-889f-50ec-bd8a-39e9c2ed56b4", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:7d260ab2-0caf-54b5-bcd6-eb8037170f14", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:874aeadd-732c-530d-a5a9-d29fd1e89c0e", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:5c9513d5-55ec-5428-8563-ea5c6697b021", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:c5994f0f-d71f-596d-b473-ca2a03522363", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b6298358-80b2-51d4-8c1d-3a0815e5d50b", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a13b6d16-5451-5685-a41d-75557aab3c83", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:c11919f4-14f6-5089-89f3-874773587590", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:0612e2d6-f56a-528f-a1b7-87cbb534cee2", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:af0f6263-fa88-5b74-991c-5f3329bf3b86", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:5586da09-56a2-5e7a-a7ed-a11f5955d4ff", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a0a2f534-9e35-5619-a07d-120f2f9f71ec", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:fd9dc320-cfe5-5e7e-92a3-516aa6bd7bad", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:c2ddb592-9a26-5949-829a-7edca86034b2", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:79fe552a-571c-5261-9e94-ad8dd4a5a564", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ea96f7b6-30ad-5e12-86ba-23eb10c0644a", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:bbf7edaa-545f-540e-baca-cdd264f32250", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:59e1ad34-b141-51dd-b65e-80f033d5390c", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:03292068-8012-5ec5-a808-85d1c0f27ce4", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:82ff9669-c433-5dd2-ad85-09230c7ae2f3", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:50cb5744-3697-59b3-b1e8-e2e821b27f96", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:61c9c5b6-df5e-51d1-ad5f-be2af4264cfe", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d2f76e5c-98f9-5c42-9235-46c21ff303a5", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:3a9ebf7a-01c8-5f88-9b1c-a84d3882de25", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:c5f6a12f-261a-504d-b520-cc3730a5b1db", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:fad4a415-4b16-5c51-8e8d-bb819fb841c9", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:1f678746-e70b-503f-a8c8-492a7d37bf06", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:4b386c3a-229c-54b8-9b6d-dc960d7523ff", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:66651103-1d6e-59dd-a032-2392bd989450", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b6543aa1-be8b-5696-9787-fb58b2722727", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b8a72873-fe3b-5d45-838e-cbb75461bc98", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:4f90511f-2f61-5c8c-8fda-7420f8bc5feb", "id": "CVE-2026-41284", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41284 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b60880b2-757c-5f65-a212-27fc2a907f2f", "id": "CVE-2026-41293", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41293 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ed7ca0ec-a5cf-5b22-bde7-90738b696446", "id": "CVE-2026-42498", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42498 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e6dbcab0-e0cd-54ca-9171-9830e54e4734", "id": "CVE-2026-43512", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43512 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:1bf77089-31c6-550b-8239-63ed2aa7c49b", "id": "CVE-2026-43513", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43513 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:60346c72-4d8f-5b59-a886-a4da34da433a", "id": "CVE-2026-43514", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43514 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:752058eb-7bd9-59a7-ae93-a2ed7a68a029", "id": "CVE-2026-43515", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43515 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-catalina-ha." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.90-tuxcare.8" } ] }