{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1f09e46d-ae9a-5b0d-989b-0cc8872e39a6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-spring-boot", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a46edff8-e88d-5fa2-8abe-ec5aea0edb66", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-boot." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e9fa289-3c31-5923-8b4c-7cab6b11f9de", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-boot." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d19a131-c5a9-57dc-9034-c47ecdfc46bb", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-boot." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:349eb97f-8506-5c3e-85a7-5e2259177941", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-boot." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca544f4d-d6ac-58a7-b5eb-26f43b55f680", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-boot." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:430e6519-d801-57f7-9225-2f3bf7b9450b", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-boot." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf303c6c-4584-5c00-baf5-ad776d6fc021", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-boot." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f414f1d7-a1cd-56d1-aeff-639fe925e3c1", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-boot." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:986a190a-ad67-5d28-84ea-b5eb0ff4f708", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-boot." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d741c93-6dd7-5ab8-957d-efa5d5d06c46", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-boot." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a790625-3054-5e9b-b8b9-ac0ef5dc07ca", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-boot." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86221586-b964-506e-9abf-e13a8fa918db", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-boot." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c883db44-85d0-566e-84b7-a55f64f21350", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-boot." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-boot@2.22.1-tuxcare.1" } ] }