{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8f1489f0-bdfe-5ddc-88e5-3ca5ba7e9eac", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-jpa", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4d5840a6-ab82-5034-a13c-f5501997e7e4", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpa." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d6a381f-0a80-5add-9238-5487354252c3", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpa." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2397ccd1-24bc-514e-9fa2-6012fb7b6d86", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpa." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:362f1e2f-46a0-5e78-9891-6a2c28c68b3e", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpa." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14de295f-6090-5118-9d6a-97221a85f757", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpa." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97c92870-1762-596b-8192-bbbf789084f2", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpa." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54cacc21-10dd-5bf0-8326-f393075d9c3d", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpa." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa1766ea-9dea-50d2-a73c-8180144fae64", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpa." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f0bcecf-fe81-5bdc-a055-c5d529bbd5ce", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpa." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1cd57689-c982-50c5-80d3-72e0fc154521", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpa." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d197527a-944c-592f-bc4a-29d95f439ea6", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpa." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af5f5ed9-8fab-57af-877d-7d3f97f5b663", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpa." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1addbb66-c276-5f4e-be42-658feae525ce", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpa." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpa@2.22.1-tuxcare.1" } ] }