{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2c17f230-2d25-5f34-8b6e-3d7cb48d4695", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b93410d8-1d04-566d-bb68-716433756e3a", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6bfa6e50-951c-5342-b67b-247034609dd7", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0bf991b-7a3c-55a2-ba40-ffc4d1273975", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f3b702b-0f9a-530c-818d-519706adc54a", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:881141da-5e0d-50a7-8ee7-b313a851eb74", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b89974e1-4097-52b9-995e-b12fd675d0c3", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:60fdcd6e-8a6c-5ebb-8506-d3d97f11432d", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c9184f8-e782-56b3-a003-e5c9529ec65f", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5014617d-3321-5a93-bd59-2ebf7771e7ee", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:453771f8-b7ca-5beb-b0e5-46ed95ae22c1", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e679da3-eec7-5ed3-84c0-e8e5810b4c3c", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26ca1d74-49b3-5937-842a-4e9a7656604d", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec8718db-bf08-5ee7-a240-3de57dcba063", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-core." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1-tuxcare.1" } ] }