{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1b2205c0-bd63-5aba-b2d6-e1ab241b57a7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.90-tuxcare.7", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e68dfe84-89b0-5863-9ec1-4eb1bc47cdfc", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:81260127-aec3-5356-af91-e4d9e113215e", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:294cb254-bd59-5f6f-9eed-1d61b040a56c", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:dce0fd16-8a50-518f-a9ee-0babbf3e10a4", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b49fb5ce-73a4-5957-a6fb-76c66ea7b7bf", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:79ae433d-81d1-5812-9876-fb705345ac2c", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:293ca854-e3f7-5742-8f87-d9f61d58fddd", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1db36505-dc30-5aac-be45-7437c361cf94", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:eec26df0-97a1-555f-a79d-5ad688aed8bf", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b444b12f-da94-57c0-9857-36f8d7ce62db", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d9a03312-b284-53c5-b2cb-ee3211d46ce7", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:29a94696-3e2f-5406-8c7c-809c791beaad", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:454b24cb-7edd-504f-9811-69b5ade9d868", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:80ce5b15-e70f-55f2-bc90-ad4a6bf0bc01", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9eac6c24-a022-50b7-b0be-2e613912a32d", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:67eb20f2-2376-56cb-8f34-98cfd409002a", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1d65e917-244e-5c17-946a-2be6680ba1ac", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5c91c592-6b6f-5855-a2ab-130a5f2acb58", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2487b00b-b6b4-5b49-b2c5-f48d558c9d64", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c97338e1-9861-544a-a7e8-8b7ef5ddb935", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e2f8f3f5-306b-53ce-9ebf-246bc1651dfe", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a6bebb20-d00b-5a47-98f3-763bfb9f514e", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:52cc58dd-3e98-51db-addd-142c3c3676b6", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:cc4eb331-8121-5c72-9d12-aee839c3d151", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:485ca65a-fb0f-50cd-9e0b-6cd5377ed337", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:79303c91-8ec5-5d00-a7b8-50d843d7461e", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:deb0d58a-fc59-5675-82be-79423fd586c1", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f2399836-cc36-5904-8c39-5c9ffd26e11e", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:aeb06332-21e1-562c-8d02-8f3a0dcf5528", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:870442c1-8b65-55a0-94ef-21c9563c4a4c", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fee0e452-5f35-54a8-b609-dc1f7c9cc666", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:810d9565-8989-5be6-b189-721fd3057975", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4381d934-f5ff-5ba7-8aee-fae80ca7dc41", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:52b51dff-4084-5258-a1ed-2c988c347855", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3bff9dc7-050a-5894-a499-09515ce7211e", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:14c8e4b8-d2f5-58c7-b6d7-ef9a62dab545", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1f500167-2be6-55b8-9ca5-f9a3e6965063", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0e08e13b-48ba-5ecd-a655-33fd8222bc13", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5220e04a-c1c2-550a-a439-c42b0ffedfa5", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c7eba716-2736-5445-92ad-b6c0cfbf1e84", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 9.0.90-tuxcare.7 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.90-tuxcare.7" } ] }