{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:157f15c7-7a48-5b58-aab3-352c23554808", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-jakarta-web", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ed70c930-a1bd-5f8e-8615-2a076a3d838d", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1bbd3aa8-038d-508f-beab-0122dc69d19f", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:087dc982-69ce-51b8-9e05-a7aaba797922", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9bdb65de-abcd-5bf2-a8fd-6b3c7d5a60d4", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15534390-2402-5438-885c-db7f8ef88537", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a0649b9-dacf-5589-9bad-6583e6bc1fa8", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a17afd0-b0fd-5eb7-b9dd-1e86c58187a7", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64909875-6e59-5106-980c-23e4bf378552", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73a4584c-512b-58f5-8a15-5e695d1e3670", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c11cb1f0-2ad7-5611-8b6e-46221126974d", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98203b7a-ff8c-5b0e-9a46-34ea0cc2a710", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:149a41a6-7935-51b8-992d-41aa46cf38b9", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0338ccb1-1894-52a8-93c3-9a6823571e5b", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jakarta-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.22.1-tuxcare.1" } ] }