{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:601597d9-371f-55af-8c96-660a23365778", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-1.2-api", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0a0585d8-42d2-5bc5-b910-728f1a845965", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-1.2-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85403a0c-6859-56e4-a966-a96a3e050f6b", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-1.2-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d2bbc2f-d1ca-516c-8362-27b0f4a6443a", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-1.2-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4300759-92f1-560b-ab01-d11212ad4c62", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-1.2-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ccf3ec7e-4c82-5ac5-9d30-af7ad797b390", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-1.2-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c12bbfb-d916-537b-a860-876eeb6f092e", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-1.2-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16bcbbef-4fb8-577c-940c-393756eae00f", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-1.2-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4b3cf51-6f01-53f0-8383-d0a82ec345e8", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-1.2-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec80e2d4-6492-5331-9ff5-0f825ac3ee85", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-1.2-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b40d387-ca0c-5cb1-b163-a2f9ed7e43c7", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-1.2-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f6a016f-3564-533b-99c1-2f418fb61065", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-1.2-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3f8a0b0-6658-5240-a7d5-3ddf834c57ac", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-1.2-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05478c4c-3160-5e98-a56a-f9fa2ce951fd", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-1.2-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.22.1-tuxcare.1" } ] }