{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:48d06804-772a-5179-b286-0f10fdd85cac", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-web", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:eb154364-dea5-51c0-a7b8-894f8563c38e", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b15c296d-7189-5313-b1ca-a07c5b4ec802", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d35827f8-a4fb-5439-80fe-17478a1d8bfd", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74d84547-d9a6-56c1-9730-798370100064", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9226346-8a61-562f-a6b1-0b95c5495871", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56f273af-e901-54a2-8e47-a0f17a0409e4", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a560aa4-357b-5052-a669-e23093e6646b", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8568d4f3-eab3-506a-bf45-e9c844d5e787", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12f69f65-5a92-520f-9d7f-43df1abd1664", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:090bdda6-8221-50b8-af36-84fdd4f3d950", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64a582a8-db57-54c3-a30a-667f4b42a4fc", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:10fa8314-3df7-55b3-a6e6-69254dc2236b", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0dea4cf-bd64-54ce-ab06-8f022ab0bc5a", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j-web." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-web@2.22.1-tuxcare.1" } ] }