{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a66fb060-eb26-5c00-84a9-9e72d0f1f9f9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-tribes", "version": "9.0.90-tuxcare.8", "purl": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1a0f3096-def4-5d93-8a0f-82a257521c6b", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ffdbe899-e8e1-55ec-9ecd-49d30df67efd", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:30a250e0-20ed-5c34-a1e0-4a2be8c1e96d", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:1bc6342f-ca4f-5aca-870a-2bc2cfb68bf2", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f0cc288f-02d5-5c19-814c-9eacec504952", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:6be4a110-4116-569b-9bb0-22e5e102b02a", "id": "CVE-2021-42340", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2021-42340 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes. Patches already applied: 31d62426645824bdfe076a0c0eafa904d90b4fb9 (already in target via 80f1438ec4 'Close WebConnection', a37a6d312c 'Fix BZ 68884 - improve handling of large scale WebSocket disconnects')" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8d1febf9-f095-5318-80a4-df916ad7329a", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8df1f3e4-5803-57b5-8841-6dcacd219b50", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:7c67cc31-354f-5590-9b64-5295ac021f82", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:4c590d05-20b6-5bcb-94b7-a1be6b205d82", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:315170a2-daab-54b6-865e-348e2b96c741", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:eea324d1-c292-5f60-868f-18b44a633af5", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:6f3af736-6278-5e9e-b9f1-d4da24956694", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:1fe5b7cb-8752-58cb-9c00-25ce7f5eda74", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:41cd4aff-0ea0-5724-9724-e4b45fb7e194", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:613de59f-bece-597a-a91c-ef70e01eb55d", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8788c632-101f-5a19-b4a6-54a477a43404", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e681d6ea-3047-51f8-83f4-8e45419c9912", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:570e327f-2104-5add-aaa9-64b52d52c7eb", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ea73f85d-48fc-5ade-a722-2abea70eaf11", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f836545a-b472-5a62-87ca-290e53626cb1", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:acb4bad1-fd74-5b53-a061-01378bacb8a5", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:77377afd-e7c5-5021-9193-5a1d923e1ef5", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ec59b250-e78d-57b7-ae45-24e58299313e", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:0fa129d0-f0d7-52f8-8cba-c2701de85811", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:3cb00273-cc4d-5307-9d1a-681fc8a0032b", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:94c57b3b-46a5-55b9-bdd0-ed942b5d2b41", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:42f431ac-0e2a-5968-841a-6006e051efe6", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a42c48e7-4a47-5385-b790-ac315586ea4a", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:797d79a4-7ce1-5c20-85f7-0ebbd26052f1", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f5d6caae-9aee-5b52-ad62-00b47a00cf2a", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ac5ed428-531d-53e3-9e84-5bbddb1de4e1", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a5f22760-782f-575f-9fec-2257bed5ffef", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:6f519b04-f58a-540e-a33c-cc7a27c1eb13", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a2320497-20a7-502d-8156-bf9d40e81001", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:4577f748-7e30-5778-ac2a-23efe7643211", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:50f83896-08ed-507e-bdc1-b3998ee59fde", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:72fd93ce-7d0e-539d-a97e-dedaf6ebbf27", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b6fe167d-513f-574d-9b83-3d29322840b6", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a2a68805-fec5-5c77-abfd-2b79182b037b", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e0606064-c6cf-532b-9fac-31a82ba0d47c", "id": "CVE-2026-41284", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41284 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ba7a4b89-00a1-5c19-ba0d-0d96b88a9778", "id": "CVE-2026-41293", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41293 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:1c0886e8-af8d-5c85-9555-12f8f5a12dad", "id": "CVE-2026-42498", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42498 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e628a9cb-9d60-5d92-b3bc-27d8f4f1db39", "id": "CVE-2026-43512", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43512 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:bb0d7cf8-7b24-5d50-ae60-6dc04b64566e", "id": "CVE-2026-43513", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43513 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f7187cad-e792-5837-acab-d52833acdeaf", "id": "CVE-2026-43514", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43514 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:7bef609c-8fa4-5a44-8c75-69bfe3cb0b57", "id": "CVE-2026-43515", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43515 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-tribes." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.90-tuxcare.8" } ] }