{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:abf612b9-8d51-51c7-a84c-972966474a03", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-slf4j-impl", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:66331c45-07d6-5834-b4a6-43162561eec7", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5be69e25-2f63-504d-821c-d10d12941ea6", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a8bf9ce4-30e7-5fd2-9a11-2ce14259ea7f", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:847fefce-11c6-5cc6-bbf8-0bec6e5ced5b", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:622505c3-4dfd-58e5-a9fa-a75e9b6e954f", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07fab845-cc22-54cb-94b0-9de7c789b83f", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:976fdb42-0f50-5a73-860c-bc39c2efd64b", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a07eee76-99a5-5993-8cb0-8b770e2cd392", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5e36a1c-843e-5ec9-84be-834bc99a9f04", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1527dc05-0d1a-52b3-b9d7-af692f17aa82", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ebd6efd0-3e0a-5b30-8b2d-2fd56513aaad", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:252d6037-5af1-5fa2-9221-adac2510abfa", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3fbaa58-31c3-5ef6-a5a4-0f59286321de", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.22.1-tuxcare.1" } ] }