{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1499e1c4-9894-5867-b89c-d80263afbe70", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-mongodb4", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cd1453b9-330f-5e71-b2e5-30691f3dfda2", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb4." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eea9054a-0abd-57e5-afa8-915d162cda08", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb4." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e272660-594d-5efe-a314-979562358044", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb4." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:44d17629-23d2-54a8-804e-0b1612eb0f95", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb4." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22bdd3b4-56e8-5315-afd7-27f41cce6afe", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb4." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95a38285-9124-5fb1-b7f7-1b179707ef68", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb4." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52ca045d-e9d5-59fc-9eab-ae8b0c8f0ae1", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb4." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9810d699-071d-5cbf-a92c-dc78061483ed", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb4." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:995b5ac4-6694-5c60-8feb-41ee57507328", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb4." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ed13771-2275-5763-8b17-952e98ada472", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb4." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f754ca2a-471e-56d4-8b54-5a952342be12", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb4." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da3a6ace-a3d0-5ed9-b09d-0150351f157f", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb4." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f53501ff-5f5c-5f3d-9cf4-4ffb8f92f5d8", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-mongodb4." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-mongodb4@2.22.1-tuxcare.1" } ] }