{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7b6a9b12-19d6-504c-86e2-3f549a021096", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-jakarta-smtp", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4a132b7b-5958-5eb7-b31d-55efa8bddc0c", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:838593a3-730e-5bed-9771-c1b47d99d28a", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf1081c5-7808-58ef-8a0e-7fb66af70d61", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:398cc3c4-a0d6-5036-911b-184645f72c6f", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96fd31b9-d599-5d41-90b0-41af72abf5cb", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3328c203-fd6f-5ce8-8283-e67c9bf79239", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9aa69ca-1973-5bb2-bbf0-0a23da2efb80", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54a36726-2f8f-5ca7-9443-85fa002f2b2a", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff22374d-80c9-5564-83f6-9222cde51fa1", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3dc8b8cc-6630-52be-9c1a-79687bb5e8c0", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea5a3aaa-3d49-5de2-b5a2-8a9c5183e5d7", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33145454-a28b-5965-9e07-965afe42fadd", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:344b185b-3990-5279-bf23-5add65dd36f4", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.1" } ] }