{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a7108498-c592-5dba-927f-76dc8bbb02bc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-el-api", "version": "7.0.109-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1cae88b9-e269-59dc-9bfe-6c89449fab73", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e7f7ce3-19aa-59e2-b33c-db20cf5cf8c7", "id": "CVE-2015-5174", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5174 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:263f321f-c3a9-5fe5-9730-8020776b86b1", "id": "CVE-2015-5346", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5346 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a42dde59-c6d9-57f2-86ab-fce61843d08f", "id": "CVE-2016-0706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0706 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e9d75ce-5c1c-5106-94ca-f4df57728dc5", "id": "CVE-2016-0762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0762 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:783e6621-2cea-5daa-a91c-86672d4eb0f6", "id": "CVE-2016-0763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0763 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdb9788c-9092-5916-9d6c-1a9d6ee609f3", "id": "CVE-2016-5018", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5018 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a4895df-cc5e-59fc-920b-4531496597e7", "id": "CVE-2016-6794", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6794 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b89cf5d9-6451-578d-bcd8-2e907a412a00", "id": "CVE-2016-6796", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6796 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68eaadac-5c37-50f9-ae16-f1b5cf251b65", "id": "CVE-2016-6797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6797 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad902f8f-b39d-5e9a-8fac-bf6c8de76cb6", "id": "CVE-2016-6816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6816 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4311c4d7-77ac-53ea-b192-0c78fe320c16", "id": "CVE-2016-6817", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6817 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8811b01e-5587-5adf-854d-7842189d77ee", "id": "CVE-2016-8745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8745 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2da1944f-bd99-5a49-9fc0-58d9dea0dc53", "id": "CVE-2016-8747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8747 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80070929-afd2-58bd-a97b-fd99702641c5", "id": "CVE-2017-12617", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-12617 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e903fa7-c3db-5f91-8fcf-3ad66fdc4891", "id": "CVE-2017-5647", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5647 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8460c5c0-670d-5be0-bf0a-d4864d5c2756", "id": "CVE-2017-5648", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5648 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e99167c-0f54-50e6-8ac0-0cd70846a049", "id": "CVE-2017-5650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e02f415-2385-50f3-b90a-2b90c5dde779", "id": "CVE-2017-5651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0a92988-4114-5d18-bdd3-86add6712dd2", "id": "CVE-2017-5664", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5664 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b81215ba-021a-59b3-8576-58ef298bdba2", "id": "CVE-2017-7674", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7674 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e03ef12c-d7aa-5c59-bd2a-4a845828373b", "id": "CVE-2017-7675", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7675 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e873c677-6b0b-5fdc-8b4d-16f7bbac41f2", "id": "CVE-2018-1304", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1304 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e75f2f1f-f091-5e63-9f11-ee00675b03a8", "id": "CVE-2018-1305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42d26a05-2728-5cf0-8c73-e53328e37add", "id": "CVE-2018-1336", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1336 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c37f113c-7010-5d0c-9cdd-839d91344780", "id": "CVE-2018-8014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8014 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2e699de0-a2b3-50b2-8b8e-98102b5451d1", "id": "CVE-2018-8034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8034 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81f06fbe-3b1c-522a-afaa-62d916a8a21d", "id": "CVE-2019-12418", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-12418 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16fed4be-e659-50a5-856a-c1ff8a10b602", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8076aea9-6b2b-5075-88bf-849695d520ba", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b29fe19d-b0f8-5c6a-a0aa-2f49e054573f", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cfbfb23e-e629-5b8e-8c16-6f91e3604c03", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32069bc9-ee6b-5c72-952f-98e980e2ef5b", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf88173c-f875-5d10-9c88-fe89bc2d0f3c", "id": "CVE-2021-30639", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-30639 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92ba538c-62e1-5862-beb9-32d0a4d2e06a", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd3504c2-df7c-5fa7-b574-67f87ec8cdbf", "id": "CVE-2022-23181", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23181 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef3aaa3a-a6a6-5bd0-9e93-ac2cde0179ea", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ba2a8d9-e4e6-5a2b-ad13-71f0515e850d", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4d516a8-814f-5ad2-b264-93b3c92253bf", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f891551c-efd8-5843-9f04-51b82a238b64", "id": "CVE-2024-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38286 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71cb3a5f-a703-57eb-99b0-b3d0cba9ccec", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf23a8de-2739-5208-8a72-b13b64baa4bf", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a8bf0d48-d9a9-5de3-9d74-41e5670f598f", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4f86eb1-55b6-5df1-acda-b6d6f92f74ab", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a97d33a5-5025-55e1-846d-08d583b1da7b", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7cff492-100e-53c9-978b-bdd596cf1947", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d7399bb-6085-5e1d-b491-0f16f9ee700d", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8542f050-090a-5d6a-b8fe-655d4933c67a", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6984f713-f68c-5de2-93d9-56fa3ba383d2", "id": "CVE-2026-29145", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-29145 does not affect version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api. The official CVE record (https://www.cve.org/CVERecord?id=CVE-2026-29145) limits the affected versions to Apache Tomcat 9.0.13\u20139.0.115, 10.1.0-M7\u201310.1.52, and 11.0.0-M1\u201311.0.18. Version 7.0.109 is not within any of these ranges" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47da8dea-e8f1-583a-84df-9d7632a6c918", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1251d2cc-8d3f-51c1-ac96-1adcf6c27ee7", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@7.0.109-tuxcare.1" } ] }