{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3a3f4237-9aba-50bd-b813-12c531bbc441", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-mongodb3", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f33823e5-06bb-5078-80ba-75ae4a6c152d", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb3." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a91004cb-9fff-5d07-a7c8-d278b631dc46", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb3." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f4d647e-1aed-545d-856a-af0870bcfa6a", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb3." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:950fd5c9-0fd6-531a-b7d8-65bb3114e022", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb3." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ffce4810-f413-580e-b82e-e67b2a9bf467", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb3." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7b00ae7-df48-50b2-a3a3-904068033906", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb3." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:422a98a8-4967-5554-b6f8-970ba612d961", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb3." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef6e97bf-036d-56ba-bb77-8732e67ba891", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb3." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6dc81ffd-058e-5b29-a491-30a1a07ddd18", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb3." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:601636a8-0adb-5721-a8b9-9da987ac5d41", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb3." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e06c104-12a3-5ebe-91c8-482c83b9ec95", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb3." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b55fd9d-020d-532b-a3ae-5fec1bcbfa6a", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb3." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:068a1eb0-473c-5ed9-bed2-db579f9e9266", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb3." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb3@2.22.1-tuxcare.1" } ] }