{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0f7af301-31cb-545a-b65f-80f8f23d7f7e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api-test", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3c95afa5-d6f7-5744-9adc-010fc2ad424d", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a5d66bc-8258-5ed6-9efe-6fea151e47eb", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a24afa40-75de-5e49-9614-8cdf7bab15c9", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99328250-1d2d-56a5-ae11-e6abfc61b3f0", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:629b8eb0-d06a-5f75-879b-9691eb3ca7ab", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b3e0d1f-dfad-5946-9b70-61feb3714f65", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a794f7a-ffb6-50f2-888d-2df120be6a1a", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8fa55bd-d3cd-5117-8977-866141aa60e6", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a40067cd-5c97-541e-a3dd-013f0a6b336f", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c612fcc-7f84-5d11-be7a-df044c1f03d1", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c845abb2-793c-5f98-af12-cae82c33d967", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b37dfb7e-eca8-53a0-a758-8f9b23b0b7ba", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7dc32016-d6c2-5e31-afb9-11ef6b3e2389", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api-test@2.22.1-tuxcare.1" } ] }