{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8c4727fd-dce2-5dc3-a0a2-fa207f3c17d7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e1e0e904-2b12-5bb6-aa11-e2bf92fdc8da", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ff1b1b3-264c-5d19-9862-d547b2ff92e5", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a82b1b6-4ac1-5f1d-b292-1d37dbfe4029", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9afc3cfb-54b4-5ebc-8b90-a498b51a5a68", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63f8f1cd-f527-5b76-8fb7-e257263d463a", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:439cf099-d89d-5efd-8a24-758ff70f1b4c", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:734131df-ab0f-5d08-a0ce-3a57459971e2", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0ba06ed-30b7-5fe6-b669-40bf3f81e306", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae96a3a4-abc4-591c-b88c-a2b85f3e738b", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a279285-b28a-5477-b8ba-d22b5c36f12e", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18a43421-7d63-58c6-a1a0-215d651b0fab", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d265f6c-b0b9-5038-942b-4c0b35be2415", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bef2cc31-6209-5eec-84c2-1dfbc5e52b50", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-api." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1-tuxcare.1" } ] }