{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b9079615-3853-5a9d-bb35-54da9688b725", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-docker", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:71883553-90cb-5c6c-93b3-aa541a6a11e5", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-docker." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f2e7f1c-5d4b-5627-b027-8f15bd3015f0", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-docker." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5cb502c-118c-52ba-a179-f9ee530c61c9", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-docker." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e6863d9-3bfa-51ba-a0f6-c6a95f30c383", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-docker." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf8871ed-dead-554a-b8d9-b73ac31330be", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-docker." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:670cb04b-45b4-5b3c-b344-b3ba7d2585d6", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-docker." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f306e943-01dd-5d0e-924c-7606ecf248ad", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-docker." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77ad62ba-324a-55e7-a10d-3551128336f4", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-docker." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5da75ae4-95c3-5fbc-a02c-96188ddfe22c", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-docker." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2d2bb21-a33b-511d-83ef-3baaf196658d", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-docker." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06a7b97e-962a-5c33-89bf-7ce3a88a1398", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-docker." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4de43b5-ec16-5d4e-93b2-fe10e4688723", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-docker." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f454f32-2412-5c4a-9b95-32467f12b578", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-docker." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-docker@2.22.1-tuxcare.1" } ] }