{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:218c9820-e679-5a0d-badd-ba3be708986b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-juli", "version": "9.0.90-tuxcare.7", "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b6d913c8-2879-55a4-8045-3b49be116153", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0d2f537c-9eec-5381-96aa-c8d17de0d7aa", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:dd6b99a5-6a8a-526e-a1ac-a91935028688", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:96c8a993-316b-587a-b8f5-6cbb56829e38", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f6c4088f-d146-51e0-929e-f01542ee81ac", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:691880b2-acf2-5018-b77d-2a5106dd4e71", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5b8d233f-fe21-59a7-be58-9dde6685768a", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:40168e6f-7cc3-5653-b87e-af6534f664b9", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fdc67d15-0f32-5529-a0d3-f3e7106b20b7", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fcd6c69f-25cb-5f31-8970-ca83ee847c74", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:15c1022a-2f99-5759-a633-a7b469ac06ca", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:064e84d6-72db-5def-9250-4132da950c76", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2c76ae34-96f0-5f98-a1bb-411b10bc7314", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:39fbb998-fd06-545e-b25d-e0987ab0117f", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:de1e6025-65a9-5a35-a6b1-c7731ea9c725", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ca4442c7-40f1-59aa-86a6-ba5680a18cfe", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:cdbd018f-1010-5dad-9a95-915ba2691fc2", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:274f9a61-0211-57f1-b0e2-59a15a38a45d", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6a4bbe7d-ca19-5647-86b4-1be4798d8c03", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d3b104cf-f34b-5d1b-b684-4591f262da51", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e0e37d21-2c1b-5052-b277-98f64378c39e", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:bc397bd7-2637-5768-82cf-bb966b0d655d", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d4432439-d1b7-5482-ba11-d5af634550f4", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:af0a7d0f-a97b-5ef0-9d7e-75eb75070a0c", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4757c018-f4c4-553d-8e63-b58fed8e0fa2", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:80231cde-0459-5ff8-b0f5-89232d275e23", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:067fe3ca-90dd-5046-a97e-1ab78ca2f0e0", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a53ef4a3-87f7-5b27-ae89-8a86912ac99c", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6a091213-a147-5d9e-b1fe-903b04805eb3", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:032acbf4-7c9d-5616-9f14-52bc5d179631", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:83b4a69d-0c3f-518b-947e-d2f147c1306d", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d6b0b637-ad50-5063-bfcc-507249108701", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1a81b16c-fef6-50a4-838e-0c24061d598f", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fe5ac083-3244-5288-abe3-d473465fbf12", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b15962f0-a931-5b6f-b677-eeb23fba9035", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:662f7510-6e70-5b91-8426-539debca1f7e", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fbaabc49-5a4c-5730-9d4a-33396248731b", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:bc8382f5-b2fc-5228-b1a2-c6d6d85d2962", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a6bc980b-f3b6-5b7e-aff4-6cb87a5944ef", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3d335d54-3041-51aa-8e1f-406e8ed8c492", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.90-tuxcare.7" } ] }