{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:94b7842e-8daf-5fe3-8f82-228362ac7f2b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-kubernetes", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:29855d78-e432-55df-9e0e-c8c67c2dd7f0", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-kubernetes." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41f12132-3fa7-5374-b669-690444bf8b28", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-kubernetes." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6465018-66fa-59bb-b1ed-8c21dbbb43df", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-kubernetes." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7593df05-ffd9-5043-9726-d53564bae081", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-kubernetes." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:acccccf6-acd6-5188-ad83-ffeec08fdd8c", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-kubernetes." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d1ce2eef-b2a0-50f3-8754-3a6c0ceb7f29", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-kubernetes." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:daf3b9d1-cc89-5874-a08f-ba69e27aa22e", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-kubernetes." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:842dcbee-6281-59fa-9526-9ed0bcd05af4", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-kubernetes." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d25f8c60-3185-5f69-937e-86750d08f9b7", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-kubernetes." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6199c80-6fdd-5f34-83f5-ced26af178e1", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-kubernetes." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c022634a-1bbf-5bec-a7a5-714ebf79583d", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-kubernetes." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e430291-8186-5f2d-96e1-52b29cf9631e", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-kubernetes." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3daf207e-f05a-5b43-a228-147955e6f772", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-kubernetes." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-kubernetes@2.22.1-tuxcare.1" } ] }