{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d10d16da-c513-5981-8bd3-5df6f275ea6f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-appserver", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:24b53f9b-aed2-5fd2-93ce-130530b0da39", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-appserver." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3faa24c5-09b8-59bf-b85a-ca39115c88d2", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-appserver." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36c1a3d1-6ad2-593a-a992-9a79b1910516", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-appserver." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6577edf0-d682-5915-aa6b-da6c273d477b", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-appserver." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a5eefa6e-84f5-5f8e-958f-fc9d2c93fb80", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-appserver." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce4ac5b8-8fc5-5206-b462-0b2486224a7d", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-appserver." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97faf17e-9953-55e6-b2bf-85694cea5e1d", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-appserver." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77af0b7f-c509-59ce-8b7c-45769fd93797", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-appserver." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e299553a-7bc2-5373-b7be-c4d8d58a74f2", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-appserver." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c49617c-e295-5a71-82ac-3be0ddd341f5", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-appserver." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0803e619-a75b-5a91-9011-2dbc502e4dc6", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-appserver." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:133e9e7d-55a1-5def-81fa-bae65c31480c", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-appserver." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:436cc46e-4e92-545e-8f75-2be05d52018e", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-appserver." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-appserver@2.22.1-tuxcare.1" } ] }