{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7a0fe51d-4608-5bc6-83b4-743a05455afa", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-ssi", "version": "9.0.90-tuxcare.7", "purl": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:eb06d66d-04e3-5185-ab8d-c364e6bd0234", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c174fb0f-a9d0-550d-a485-a07074bd9fd2", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:739684de-f3a3-5cfc-b095-ef4f017b5561", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4aa3a700-9209-59b5-9e5d-1e642b1df942", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:eac18479-4047-5e19-9134-3286f73e4041", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ce90f5fe-a0c4-5cae-8e8a-e96ab6f0d5c6", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:94558047-a932-5b25-8c37-eebf2114088f", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:183b1446-6895-5c47-9354-0556db6a68fa", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:099f83b9-7bf9-50dd-a646-a4a0978d7831", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:894bd51b-82cd-55ba-a35c-694ebf0ee1cb", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a7f111b4-d81a-5538-8ab8-c671e0e5c1c6", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1a562c71-ab8c-5013-9598-e1604e7845a0", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:86584eca-e3f1-5c2b-9182-c1c3b291dd34", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:137c7838-e08a-5ff3-9746-cce1bc6b495e", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:811ae48f-6fe1-5005-9a7b-bde6e4445bea", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e0efb1a5-809b-58db-ac0c-7602c34107f2", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:68adbc4e-22e0-540f-8fdc-7a05bac01788", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2a220d52-9f92-5eb2-999c-806fec2f4c7d", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:510cfb15-28c9-57a3-9233-fe427e5fb6ed", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4ae31b60-517f-54b5-99e1-eb06dcddd968", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8c0899af-072b-5e67-afd0-0dc70aff390b", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:94d0c00d-d10d-54a0-9f91-a560222cf6b6", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d75b04f7-dbb8-57ad-9349-2d9b048a8026", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:672f3996-1e46-5cb6-865f-c6073021acd5", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:dfb2a504-719a-5dde-9ea0-abe4a6380c9f", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:98539cf8-c08c-5ae9-be7c-39f42666c333", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2e46022c-00ee-524b-a306-00bca95ad3a1", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c658dd23-29d3-5aca-82a4-8983f7a32ac9", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ee277a29-a446-58e8-8d44-2b7305d42fe7", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ceb52d1a-8216-5cfc-a707-3770cbc9db10", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3dda6e72-2025-593f-bdff-e9da0b13273b", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5904af5d-4e3a-5ca5-bf1d-a0f2ed93d2bf", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:72b88d0d-0eb7-5cfa-a5cb-0907d6ac6514", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f8f86a3d-71ee-5480-b4a8-319a40dd0f33", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9256e0e8-39a2-52d3-8ed1-f905174e39de", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3806cf18-e05a-5ada-a125-6601751d7478", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d44c9b3b-d790-5509-ba27-448f5ddebcea", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:14f4f1ea-2d3b-50aa-a878-27da4b9bdb4c", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5f8cd9d3-ab55-5d3c-9b11-780db8a1a9e8", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c36c3e7e-dc94-58f6-8c0f-9d222080ced8", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.7" } ] }