{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4a3f73bf-aa25-50d8-b15a-3db4ea7e575a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j", "version": "2.22.1-tuxcare.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:95a8bebc-6d89-5afb-a013-90725b2af1a8", "id": "CVE-2014-8180", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-8180 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f03ab1ff-a79b-5708-9ab9-a5d63cd61bff", "id": "CVE-2016-6494", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6494 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2a86b62-35db-50c9-8127-72a7d5b52ce0", "id": "CVE-2021-32036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-32036 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7896c8fb-b151-5a19-9640-da8881951bba", "id": "CVE-2021-38295", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-38295 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c1f227a-4977-56d5-9367-48b1cfdeeea9", "id": "CVE-2022-24706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24706 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:939bc4b4-2473-5211-925b-b8c0e1db701f", "id": "CVE-2023-26268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26268 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b325d353-fde5-53bb-a104-219ed633ff3e", "id": "CVE-2023-45725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45725 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19ade665-96fe-50ee-bb55-68a05598a723", "id": "CVE-2025-68161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68161 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdbab5a6-9195-5936-9637-1697711096c8", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e64dbbca-73ec-573c-b110-60888b471412", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91402016-4f08-5575-9153-46ab3b3b849c", "id": "CVE-2026-34479", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34479 is fixed in version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cfb00529-ccee-580c-a298-5ad5e4a90993", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51c0d113-c797-5151-84a1-3979dfc67662", "id": "CVE-2026-34481", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34481 affects version 2.22.1-tuxcare.1 of org.apache.logging.log4j:log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j@2.22.1-tuxcare.1" } ] }