{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:92e2c8dd-4725-5654-a778-f2061dae8aef", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-bom", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:863fdfc1-a164-5f0f-985e-6622533791c9", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a256b79-67d7-5c97-8414-f022187653ac", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76e69ad6-8f4b-5ba2-8f17-b7215d422d40", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:038f8778-7671-5f7b-8e30-90640b95447b", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48209314-dd3c-5ff5-8c67-472627f4e32c", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6cd77be4-13d3-5317-81a1-748b503f8685", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19fe3fbe-9545-5a83-83b0-741c4fd8571a", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:25a53b55-75c7-525d-b12a-67317f39b468", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e2cf625-1e23-5d4d-aa67-e39d9487fe91", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd8a8684-91b3-5628-bd2a-2522e7d0285b", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83b1cc88-33e1-5473-9592-e8cd0fd931f5", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1afdd22a-84cd-5288-ad9c-eb78fd068872", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4de4c7e-93f8-5c97-b443-0c3f77259144", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-bom." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-bom@2.22.1-tuxcare.1" } ] }