{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fe432711-25c2-5d24-80f9-990fb99abcdf", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-cassandra", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:add3b3ad-9823-5c26-9a92-e576efc0f200", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-cassandra." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a55dbcb4-7c1b-525e-9760-d0153093929e", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-cassandra." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12d78a8d-d5e8-5c1f-8164-427bf8df559e", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-cassandra." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fca15e4-b3c8-5efd-af20-0c5f2735004b", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-cassandra." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23fbfb20-8608-5b02-8e6e-1e6456ea76f1", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-cassandra." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d051614-58f9-597c-b36f-eae7a9e07e83", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-cassandra." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a0b2c28-f68e-508b-9195-678e75a315df", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-cassandra." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c5c0f19-99a8-5453-aa1d-1361e1dddb29", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-cassandra." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9925b805-240d-56d2-bfbf-a751d7e06712", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-cassandra." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7f96201-502f-584d-8c5a-497eaf274eea", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-cassandra." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3542f30-24dc-5ea1-882a-8a076999450a", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-cassandra." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28638969-f552-54bc-93e6-61c7983e9654", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-cassandra." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71c16b56-850f-5d3a-aca0-b87c3d5aa9e5", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-cassandra." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-cassandra@2.22.1-tuxcare.1" } ] }