{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a656d419-e37c-5d89-87f4-031bfb5718fc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-ssi", "version": "9.0.90-tuxcare.8", "purl": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2dffd953-1fa6-588b-8fb7-ebf80364d549", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a75bcc85-ae5f-5ed6-8116-64520630df82", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:0b5ba5f5-e624-5200-bf32-4cfde00c1b95", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a7661ca6-017d-567a-88f3-863f81bea828", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:4658ccbb-fde2-5d13-8e49-25b595c434b8", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e06eaf9a-773e-5887-b28d-223d998f0d52", "id": "CVE-2021-42340", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2021-42340 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi. Patches already applied: 31d62426645824bdfe076a0c0eafa904d90b4fb9 (already in target via 80f1438ec4 'Close WebConnection', a37a6d312c 'Fix BZ 68884 - improve handling of large scale WebSocket disconnects')" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d4e936e1-7a0d-562f-bd65-fe7b8b137588", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:085aeeb3-d2d0-5f8d-8e30-19d1e72405b9", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:10cec3ea-b708-5e9f-96c5-7f931363d189", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:5a79e856-af22-5fe4-b204-60c73d14e60b", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:3e742557-56cd-59bb-ae4d-a4b240fa7368", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:5ace14c9-d897-5ea6-ba8c-53a6a602d03d", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:4cc8cc56-a428-5348-9e1c-704051c9a3d0", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:758492cc-f45a-5ac1-85eb-436439d88eb6", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f8eb1440-6d2f-5819-b761-62ab11c5846d", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:015d4467-0f9e-5159-a25e-4aaab0b7341e", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:9b25d6ef-0a48-5111-8595-33275cf6e99f", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8814147e-7d86-52ef-8105-4573dd37d06a", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:3e9be920-b841-5024-a053-aef1b04d2572", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:60b8bc59-16bc-5e87-8653-da707ffe7322", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d00e3b27-a466-522d-8b04-5e8c846db271", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:5766ca08-468c-524b-8304-fcb15cb4bc80", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:21b56af1-5b7a-57ed-91df-233e5a8261e8", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:63c88fcc-1493-52e4-9e10-f5e7af90e636", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:324bb4a2-96d7-5a2c-b737-2af6347be59c", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:0b522159-6906-5936-9128-a64d0e700fff", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e2e3d9ca-76bd-5881-9618-26cf763285c3", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:4f7f6bb1-2d52-5541-ba3e-a498bc42ce64", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a19565df-d9b7-556e-9ce1-cc12ba90bbd6", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:639aec5e-c255-53df-9a7f-51766c8dd622", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:238508c2-0960-527c-aa4c-a3ba5380e55c", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:eaade9ce-3295-55f3-a4f5-1260bbf10eb2", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:2ccec69b-afa0-51c0-aba5-b572c7392762", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ce2c6249-356b-5f7c-93d1-e37c895273ca", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:84e719f1-59c3-5150-bb3d-10c8793fa1cb", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:67d101fc-79c5-500c-a357-89e487874262", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:da4f42b5-1f6a-5d17-9963-8eef4910a888", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:bd5f8395-70dd-527e-8a9d-78a1e4d2610d", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ffd4c2f8-cb0f-5a31-911a-f7b860650ffe", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:5b1113f0-09c0-5370-892f-5d9a0b303f37", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ac2e9df2-5752-5f72-9da7-46bd8e29d6de", "id": "CVE-2026-41284", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41284 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f1a80c3f-6b84-53db-803b-d7937e61ffc3", "id": "CVE-2026-41293", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41293 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:be040bbd-73bb-5c59-98c5-834bde5e6aad", "id": "CVE-2026-42498", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42498 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:4302ac9c-05e2-58e5-8b9f-4633856a59e6", "id": "CVE-2026-43512", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43512 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:584ce4fe-3582-51ec-b5ef-59b2244eb151", "id": "CVE-2026-43513", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43513 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:281f77bf-d63e-5584-9efb-d32fa00d68c5", "id": "CVE-2026-43514", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43514 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:dfe37d61-e216-53d8-a706-be82aa2c69e9", "id": "CVE-2026-43515", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43515 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@9.0.90-tuxcare.8" } ] }