{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bf667b3d-89bb-5611-924b-985fa5dc540c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-jcl", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f55162a5-0f92-5ef4-9aac-b34789f1f5b1", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jcl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9873d2af-1487-5aa9-b901-2c2905820d0b", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jcl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cbeb26fe-3c02-5c6c-bafa-95765fe7f259", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jcl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3edc9089-91bc-51ae-9bc3-94dc1660d6f0", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jcl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9893a19a-c590-5ef6-9632-1c64e9f3af04", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jcl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97e3539e-4774-5e50-97af-e02c30fc933a", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jcl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa49e533-274e-5c40-a58c-43c4f91727bc", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jcl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:950acf3f-70aa-57fb-b600-fdea8b99e812", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jcl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82069b97-3e58-5fc7-945d-60779f289f0b", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jcl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b767ddbf-83a6-5b3f-9d62-b45fb864f3bc", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jcl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a12db9fe-b267-5f23-8377-4efe7f15ebe1", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jcl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2a83f3e-ac83-5376-b6ff-e5da6e043fa1", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jcl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cce31c2d-d866-5989-ba0d-299540b5b24a", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jcl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jcl@2.22.1-tuxcare.1" } ] }