{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1fdd46c5-e557-56c5-bd65-782184552af7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-couchdb", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8aebba6b-b593-5f3d-950a-ac7926fe0fb5", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-couchdb." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f3fd5af-8a92-514e-8172-3a914b3cd00a", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-couchdb." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b103066-dafd-504d-be45-a50e076dfc22", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-couchdb." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:773f26e3-1e70-5e73-980f-7a4f300662bc", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-couchdb." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ce3f4d2-ed06-528f-a5e6-58c4b0866c69", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-couchdb." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:abcd3e15-5fe2-54c1-b0ec-f8c1d5474ac3", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-couchdb." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c5e7d6e-e34b-5e5a-a4a2-8f7d2a44bcea", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-couchdb." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bfa41784-a969-5af7-9729-32d8d8d98c47", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-couchdb." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95505a80-d0a4-5fc9-aa37-0ec74b5962c2", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-couchdb." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22edccf1-cb23-58e6-be4f-043ef5853e55", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-couchdb." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac22fd1e-3f7d-5fd8-8fad-1d63a3f96cbf", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-couchdb." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd41870c-d95a-5948-8cd3-1c427d892a66", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-couchdb." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b331833-5e2e-5d15-842f-a1d41ac1499c", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-couchdb." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-couchdb@2.22.1-tuxcare.1" } ] }