{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6902d5e5-811f-5d9f-b25d-d69a2b19c65d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.46-tuxcare.6", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4c28fcf4-dbc4-5f7f-8d09-ab7ad81ce5ef", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:775f6778-ca85-5596-9f64-c65eddfe2066", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:48072b63-9f07-5709-8606-9cd11ce2f1b9", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:87e7b343-6293-5e0e-96f8-a189871f6f44", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:91cb872b-778f-542b-9ed8-33f302800b8b", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f4d49f07-cd3f-5030-888d-cf85ad613764", "id": "CVE-2021-33037", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-33037 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:463c99fa-468e-52e3-8be4-c959b1ff04d4", "id": "CVE-2021-42340", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-42340 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8c7cc90b-b735-5771-9c26-2cb371daae47", "id": "CVE-2021-43980", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-43980 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a8cc8321-850b-5501-bc8d-b3efb52aa59a", "id": "CVE-2022-23181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-23181 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9f5d1856-92fb-5f7a-b25c-49c781d9103a", "id": "CVE-2022-29885", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-29885 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ff7685a8-1c4e-5e54-b418-133b83d45d12", "id": "CVE-2022-34305", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-34305 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c92f9db7-0463-5dc1-b040-1b693bcb9bdc", "id": "CVE-2022-42252", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-42252 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:33de79c6-e82b-58c5-9f9e-e3ac80820fb8", "id": "CVE-2022-45143", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-45143 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ea0e0f87-fa05-5cfd-b596-f106a3b9c543", "id": "CVE-2023-24998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-24998 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:512ac927-670f-58d0-a1e9-d30bee5f55d7", "id": "CVE-2023-28708", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-28708 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9399e3c3-981d-5b2e-ad0d-7b904e51af8c", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bf3a4499-c769-53c0-989f-2c4a2bf3bb59", "id": "CVE-2023-42795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-42795 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f37e0bc0-e6da-553b-8197-242f250402da", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2172e982-2870-5475-9300-f4d48cfe1008", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cfba8994-1ef3-5c46-90b7-a1806530c8f0", "id": "CVE-2023-46589", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-46589 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c51fb276-0dac-5a15-a56a-8cf4ccbfd552", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6bbfb8bd-120a-5951-a0bb-1eb2cca416c2", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3e87227e-d5ce-5ad6-8032-0ed0748e1b4c", "id": "CVE-2024-34750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34750 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:364db735-91cb-5058-9d69-f0945e8db7db", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5c66ed5d-ed1b-567f-a7ae-e682c2be0bc0", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9fd579e0-05ff-5a3b-9d87-99284fb82b6c", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2081e74b-474a-5937-bb47-49601c7b5a82", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:900a797e-ff09-5e18-a882-72a711456ec7", "id": "CVE-2024-56337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-56337 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8a8e2d89-1134-5fbd-ad1c-dce091043149", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c765988b-2a20-55ca-ae09-46e5757473b0", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c961d83f-1eaa-58e5-ae81-9e542ed90d8c", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1af5b247-6adc-5d42-a8cc-d6499af08966", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a4696deb-8543-5530-9766-69c61f9775cb", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:02f7dc13-56db-586d-b002-4776b81d447a", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3142bd0b-0ac4-5cdc-83bf-49749669ff91", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:410db20e-94b5-51c0-b678-fa938ad3bf97", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1fa569d9-6a87-5c29-80a9-f3e5687cb28d", "id": "CVE-2025-52434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52434 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2bdd3d0c-9241-50ef-a5f4-8dec9d9fa456", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8e88762f-e883-52a5-b524-9e27dd2aee72", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f17d8753-7f4a-5a32-8f14-13865462998e", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b9e42821-bc43-5e19-928d-874ab466703b", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:83e8da0c-d5aa-5366-9809-ff6bff00bd1b", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5870fddd-70fb-51c8-9cda-747b0cdaae05", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:49f5c495-0936-5248-8c7d-278f29416892", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2497c4d9-8082-5b68-8790-96699f29fdb7", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:09cbab77-2f32-5be3-a4e7-af292193e8ad", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a2d94cac-b586-519b-982f-3506db6b8998", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1b544b5a-b7f0-511a-b5ad-c520a2f689fe", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:edf109af-1524-589a-b7df-700427517a78", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:353d4591-82ff-597f-baa3-fc8cd3dba7c7", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c26dcbaf-c256-5c43-b82b-01990e623851", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5b483f20-2f11-54e7-9cfe-a60d81b998d3", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.46-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.46-tuxcare.6" } ] }