{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4c9e600c-abdf-589b-b6af-89ae6b603ade", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-iostreams", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8e346a8e-d1c8-5dcf-9daf-b6c4478cfad8", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-iostreams." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b85a395b-1978-550c-b027-687817bde85e", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-iostreams." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:194e1522-7ff8-5aae-92be-e0357602def0", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-iostreams." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d80c049-5351-51db-b5c6-c3b421856cda", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-iostreams." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9aab674c-e64b-5085-b03b-008a2e4a45b5", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-iostreams." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdd96666-dde3-5b8d-afef-2b10a8b0afa0", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-iostreams." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a684fe92-aaa7-5806-b601-9fc0708c0ae4", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-iostreams." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:463b0cee-ebed-52cc-99a5-6637cc3e4f8d", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-iostreams." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a328a172-39da-5926-a692-ab82143653d5", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-iostreams." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:afa0381f-2ee6-57b6-b264-cd70ca87e0ae", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-iostreams." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:115f153c-2266-5d8f-8bfe-0ec9de1c7bfe", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-iostreams." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f098db32-e541-5cca-8fa8-0d11835dcfc3", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-iostreams." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d949926b-854e-51f6-a722-166a8294d219", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-iostreams." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-iostreams@2.22.1-tuxcare.1" } ] }