{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a0bf3176-300b-5a72-984a-d7f53516e07a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-tribes", "version": "7.0.109-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:366dccff-f883-5447-8096-74018b8dee09", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28d13257-3c03-5c63-9f99-b1a81f10a541", "id": "CVE-2015-5174", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5174 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e08e2638-f163-5210-8f73-cb0e82aaa319", "id": "CVE-2015-5346", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5346 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a3b11bf-1e4d-54ea-ab2d-aba141a66db7", "id": "CVE-2016-0706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0706 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec9ffdf5-9e31-5d0a-a5e0-70da6b56d99e", "id": "CVE-2016-0762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0762 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92baacb6-0ad7-5d24-b151-29e402c2aa13", "id": "CVE-2016-0763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0763 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c539fae-ed64-511b-a022-7be9351a74d2", "id": "CVE-2016-5018", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5018 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa94ee39-df91-5ef0-9b0f-d8cada8e1a32", "id": "CVE-2016-6794", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6794 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e0ca55a-9e69-5b05-9b1f-fd8a13ddc1b0", "id": "CVE-2016-6796", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6796 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54bab5de-3a92-5d92-b17c-0ffa7394cba1", "id": "CVE-2016-6797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6797 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02bd2c10-b38d-5ef2-b24b-69b3c24e9c83", "id": "CVE-2016-6816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6816 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9b4bf81-46d1-534d-8bd0-074ea827fa67", "id": "CVE-2016-6817", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6817 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7160e77-759d-5c08-a0a2-b0aed4fb6cac", "id": "CVE-2016-8745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8745 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d0021d1-f239-545a-86ef-f75f098b9ac4", "id": "CVE-2016-8747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8747 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3394187d-e5ca-5e57-8716-741ef183f52e", "id": "CVE-2017-12617", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-12617 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad5922c1-f1a4-55ed-b4d4-ccbb1470698c", "id": "CVE-2017-5647", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5647 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ffc5834-6b90-50e7-8e62-664364ade4a1", "id": "CVE-2017-5648", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5648 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2186f2ca-e28f-5206-9c97-23c9a99ede1f", "id": "CVE-2017-5650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7768960-3d19-555a-aa38-c17d8437d5db", "id": "CVE-2017-5651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdfd68bd-f771-58ed-b9de-0c008c346aba", "id": "CVE-2017-5664", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5664 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c043ef06-5ee0-5729-bf57-9059baa1608a", "id": "CVE-2017-7674", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7674 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9283b4e-c17d-5641-afa4-128045afd604", "id": "CVE-2017-7675", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7675 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fccb9899-b9d9-5072-81d7-1bbaadd72558", "id": "CVE-2018-1304", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1304 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1001e2d2-0020-5d5e-90d8-81ebc236745c", "id": "CVE-2018-1305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8101cdcf-11ed-592d-86dc-5c0a6c4c415c", "id": "CVE-2018-1336", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1336 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a92a127-b514-5251-88c2-fe4b2cf2c034", "id": "CVE-2018-8014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8014 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d827e66b-e63c-5605-9c5f-610e67a265b1", "id": "CVE-2018-8034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8034 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6365a8d2-5879-5af9-981e-30a39d991883", "id": "CVE-2019-12418", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-12418 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:afba01ab-9d2f-5f63-aeb4-26f2bb3bd9ec", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8717e609-2a8c-5a62-9dee-9284caef5d38", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79c1c8af-26f7-5085-8467-773200a19ff2", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41ae5c39-5e29-59db-8c7f-e1f1dc27039c", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:641f8999-910a-5f5b-b4d9-194f75d8152b", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03d543da-4646-5728-a552-8c9871bcc363", "id": "CVE-2021-30639", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-30639 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b557b7c9-75f2-5411-b08c-f5c2f125cb6e", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fcb57059-c3a6-5c77-bc7c-a9281d85935b", "id": "CVE-2022-23181", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23181 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b117c635-c3ce-53eb-9990-7f8006cb95d3", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b0690d1-cd52-563e-8426-65621fca1295", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:817956ef-3c16-571e-a304-a8a921009348", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b968bc6-7a87-5750-bd44-51f0cf27682b", "id": "CVE-2024-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38286 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9906d59-c575-50a4-b63b-b6da0191f8b4", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ebec777-cc55-5f85-9be9-16c39c1f9745", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6cf84cc9-b31c-56ce-8191-ca72456636f6", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab2d612c-05bb-5bea-9130-41a83b61e276", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e5b28b3-9f58-5cfe-b5e0-88e2f2c160af", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d70dd0d-b7a6-58e7-94f3-c5df6e9a6ff5", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c7412da-7443-5ddd-8110-e44ced3a65ec", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa6a67e0-b290-5460-b051-d8e66121ae82", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0508188-a3d3-53f0-b156-228f8986ffcd", "id": "CVE-2026-29145", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-29145 does not affect version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes. The official CVE record (https://www.cve.org/CVERecord?id=CVE-2026-29145) limits the affected versions to Apache Tomcat 9.0.13\u20139.0.115, 10.1.0-M7\u201310.1.52, and 11.0.0-M1\u201311.0.18. Version 7.0.109 is not within any of these ranges" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:533999ff-80e6-5fc8-8793-d6e4e095ff01", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08db0371-63ab-5073-b58d-f5b3319d0d6a", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@7.0.109-tuxcare.1" } ] }