{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cbabad32-bbaf-58d7-a6f5-2f9d1c0fc676", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core-test", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b81e8e6d-9691-511e-9669-1abe679f6fa0", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b08e440-71e3-5a47-b433-d3bc970c6f8e", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3028bc4-8c71-5d6f-84e2-fb521680b370", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8cde0654-0b29-51b9-8167-fb9f94f4067c", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0650d938-2414-506e-8b65-8e394af550c6", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:615b1f51-d7e2-56ad-b3f6-b12dbd303f33", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6d3d51e-1970-5791-b4c4-5bf5998e8b17", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cb0153f-f864-580f-9747-6d4cdace55e0", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4af1fc60-cce7-52d4-b38f-ebdb412b0878", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9dcbfa0-c49b-5c74-8040-301bd08e823c", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aeefff3a-4ced-50ac-828f-cba6c2f9daa0", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:078f89f6-57ac-5c65-acf4-c3e5c5f4c647", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2db31129-338e-5335-a699-c1d6e3439416", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core-test." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core-test@2.22.1-tuxcare.1" } ] }