{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2ff7eff8-7fe5-5a15-9a8a-40b3d11da7e7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-to-jul", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d0cf67ad-4f15-5f39-90cf-568400a852e0", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2af1e98-9146-55e1-a8c0-d9e4aa5ecf86", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c792a32b-d983-5a0e-8588-af8702ca8942", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9ded735-799d-51eb-9d85-8c6c093185a6", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:699ec512-b33c-5e42-9077-405cea446990", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:117ca7d2-0b4d-5f96-adc2-3880cd400665", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dfd2f22a-f26d-5b9e-b81e-8b945df3685b", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:620f90a8-4aa3-5842-ab6f-31d4f855a1f5", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f9d9621-4d8a-52fc-9582-24b7db33247f", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1d3097a-841c-5621-bee0-b7971758f5bf", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a77eb8f-6174-50ee-a49f-67a23ea26b14", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84fb04df-8ee2-5cd2-8135-cc8d69bd3672", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea099b39-0581-5069-8eed-9ddaa10fef8c", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-jul." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-jul@2.22.1-tuxcare.1" } ] }