{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:86def469-2470-5dd6-86ac-1c53d8ac307c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-flume-ng", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b2f82b37-08f2-5027-b4c9-1aa0d7de1462", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-flume-ng." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac128478-9580-5215-aa49-87d005dc6161", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-flume-ng." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26e64604-349f-5ecd-9515-6ee63066b695", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-flume-ng." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ced4792e-377f-51fb-a5bd-6a83190b0f35", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-flume-ng." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b5b52cc-5efe-5279-a0f7-689ca67197bb", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-flume-ng." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77c95574-2534-5af7-9b76-99950d0160dd", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-flume-ng." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28b3de46-ace0-5cde-8dea-d1fa9b0daccf", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-flume-ng." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05e08a9a-f3d1-5924-a85f-b82513a9d5a6", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-flume-ng." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd4bad46-e1a2-59e3-a6ca-c65cd8e497f8", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-flume-ng." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c66bccb8-5eac-5f10-a503-088cec63a14e", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-flume-ng." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a24c3fa-a44c-52d4-b5ef-64701bba35a7", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-flume-ng." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2b15f7d-7fa7-59cb-b6f2-e89f58cbeeb0", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-flume-ng." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ddd28522-b9b8-586e-ac87-abda199c56bf", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-flume-ng." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-flume-ng@2.22.1-tuxcare.1" } ] }