{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4b8a68d4-7fcc-550e-a8f0-df6ddabb524e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-spring-cloud-config-client", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0b54b0c1-f7c0-5a72-8663-b1cfaa17f5ce", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93a10f35-c8e0-577d-8665-34a057d76d8e", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4bc23d29-43ab-531f-a374-324ff4cfaf8b", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3467f092-97e3-542b-856a-e68ce9fab12d", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9349784a-3a11-5a29-8193-71f013ff75c0", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:445eeeb2-8605-551a-82d6-fe6d99a637f7", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b05e86e-5127-5f33-9b45-1a5c28585418", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58e7d0af-151d-52f9-b8a9-ca38e20fcfc9", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf72aee8-ec95-57f2-8ab7-d954b1ce3264", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e07f6b33-3637-57b2-870f-d4e4db21d09a", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eebe5fc7-be8e-516d-978e-9cd0695924ac", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5303545-1d4a-505c-9cb4-bb758cbe63bc", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4697886-b1d9-5513-a59b-fa506b3a7817", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.1" } ] }