{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4eedc0e3-87fb-51e9-a809-20c9628647ea", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-to-slf4j", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:77a28418-c65f-5017-8233-57f3d85f610d", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-slf4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6d46d54-51fb-572a-889f-f670228f7243", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-slf4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab40122f-74a3-5ed0-800a-3c07ae900d52", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-slf4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eba010a0-cae3-50d9-a191-7c70cafa5f8c", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-slf4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32311055-0ff9-5364-820c-97a3349ffb0d", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-slf4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b42268d-96f2-5bc4-8746-a9885acc7430", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-slf4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:500b2671-bc10-5c12-bfd6-ad61db833c66", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-slf4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:59f93d18-df96-551e-966c-f3eaf1f3a0e9", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-slf4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:efbbbf38-f07c-5094-9898-1968878b8b21", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-slf4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7dd504cf-30ee-559f-b791-99bb4722fa9d", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-slf4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e284e7b5-5087-5d7a-a73e-d0e050ad65c5", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-slf4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f19cae3f-f224-5fab-a511-4c8e8c5f4e98", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-slf4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ecae8928-77c4-5b0f-ba7c-7e9f64b33dde", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-to-slf4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1-tuxcare.1" } ] }