{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a1cb8ce2-38fd-5725-afed-6b5f3f34ebad", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-jpl", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:21f0416e-3938-5ef5-974f-757d10dd97eb", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cea77cee-0020-5bd1-840d-93e422582ccc", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23e0739a-c7ed-545d-9b0e-aae8ec6c76ea", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78eff012-ddae-53a8-8a54-2974884a829e", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e43aacb-414b-512d-a4fa-7a6631a1db2b", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b8a8f4c-a414-5c65-a06a-52c66a3aad1c", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12444a64-08f5-55e1-9502-986f247d8435", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dfe12ce3-9e97-5771-9ebf-16b55c50a7b9", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90e755a5-addc-5aca-94e9-bcf8a4081761", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1051152b-5ef5-5d2c-af6a-09dc7ab1ab1f", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:787312af-6b45-53b9-90f6-b25f06a968f8", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7156a3f7-54e6-505a-8cdd-e04c51cae847", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84ddd50c-8f0d-5209-b39b-cb59421daf51", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jpl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jpl@2.22.1-tuxcare.1" } ] }