{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a7899860-3539-5d8f-b8cf-f80f387c42b5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-slf4j2-impl", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bae7e107-6154-5c41-bf08-072a36d20bd1", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j2-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8cfc09c1-7138-52ab-ae9a-5f0d0a723b3f", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j2-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:143561c8-0e42-59bb-8b2e-86432956a1f6", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j2-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e30f156-8901-5087-b984-7e82067b0486", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j2-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:afae3dc7-5889-53be-a015-b94150bde5cf", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j2-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3f09cd1-20a3-5e7c-831b-1fe7d07c4e94", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j2-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b8e5b14-385a-5c7b-9efc-d973e5f82cf8", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j2-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f658c1e0-1e7d-5496-84b5-a211ce258201", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j2-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0aea83b-07db-5011-8048-a6d8b1e225df", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j2-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5721dd7e-cfa5-5df5-839d-e4af0e88eaec", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j2-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2bec757d-6289-5304-b045-aa91fff73070", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j2-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4f18a8a-bb42-57be-902e-8e37bea4e068", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j2-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a2e2b03-a5ff-56af-a764-606ab48d3b1b", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-slf4j2-impl." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-slf4j2-impl@2.22.1-tuxcare.1" } ] }