{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7de01b74-ea95-51d5-ab88-25df7ce77894", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-jdbc-dbcp2", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:33085d12-1f62-591f-97c8-4b8f432ddc31", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jdbc-dbcp2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec6dfb62-84eb-56f9-a50a-37b596de21c4", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jdbc-dbcp2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab9de82e-a04f-5087-bfec-749f0a26d0ae", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jdbc-dbcp2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c553f2e-b031-5ec2-bb89-6c09496ddace", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jdbc-dbcp2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b580f02f-df7b-560d-ad1d-be5b349788b3", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jdbc-dbcp2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d349903-b74a-58a5-98e1-8ad6e6c03cf7", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jdbc-dbcp2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd7be6c2-90ff-566c-9409-d466f1c851cb", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jdbc-dbcp2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da643f67-583d-5c2f-9f74-b13e53f68ee1", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jdbc-dbcp2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f754cdf5-f10d-554e-8c80-bc6a10a64529", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jdbc-dbcp2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea92bfc5-b272-5dfa-985e-4c94bf20c739", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jdbc-dbcp2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65c6c51e-1688-51de-bb66-7a5e2cc6c050", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jdbc-dbcp2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2873949d-9b8a-5171-b95e-ff44e1f8c5a0", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jdbc-dbcp2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8105896b-3928-5909-947f-42a14de0deb6", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jdbc-dbcp2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jdbc-dbcp2@2.22.1-tuxcare.1" } ] }