{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b73e09f5-abad-508c-b6d1-2f6ead9dcbee", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-jul", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ba775d38-01ad-5a2a-badf-d6af612ec799", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a31f54a6-39ca-5710-97c9-ab52cb480b5f", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ecfbe2cc-8272-59dc-b0a3-f07cea2ce62d", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:469188c3-7813-5dc4-af5f-03a544204b04", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d053b5e-cbde-5106-b432-a1a4a39f5dab", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9c52458-3ff6-57e0-a0a7-7f17c47c0799", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa579d2d-0f0a-5747-9857-fb81204be24d", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6196d59-553c-5207-8146-282ad9a0cf72", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8057884e-dadc-5e18-9101-615ca3ed03bc", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6496f87-e497-512e-b461-74bbff0b4fc2", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a541a4a1-0133-5269-97a3-40775ea59a6c", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4ab27c1-0874-5e1a-835a-b01c21ee31f6", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71633566-236c-57ca-8365-86d7fa1c4e41", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jul@2.22.1-tuxcare.1" } ] }