{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:62b5fbef-7f92-54a9-9b9b-2c3a57c9cb82", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3", "type": "library", "group": "org.apache.tomcat.embed", "name": "tomcat-embed-core", "version": "10.1.42-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:420677c6-f1f0-5b90-9eef-3089d2aebe52", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:401818ae-6e90-53e0-b891-cc766e8b3ef0", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a543700-c555-585f-9834-c1063a00e0d5", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e02fb94e-8729-513c-b9bd-576fde486f42", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e85a0feb-ab1c-5dc5-a59b-956281abb33e", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc905082-5015-5ae8-bd38-383f0be13ec9", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08fae994-8175-5d4b-8b1e-43e0c0b390ce", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd4ad6e7-352d-5211-b1b7-76f17a1f0411", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40d12017-3977-5f6c-acc5-1506e80647cc", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:580d7788-4993-5713-bf22-ba2508141f58", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc45031f-3e52-52ed-832e-4c8dd0513c5d", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:867d6e2a-b01f-5a21-b5d7-0acf39d87e49", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cad7d750-a5ee-5643-bbeb-c2a0588da84d", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a6d2867b-2e0a-5327-83eb-10744a215fd1", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56d26529-232f-5654-9a63-ab2e5efc914f", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8b771ef5-9831-5733-9a7c-48dd43d0d156", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c83f3db2-cfbe-5d58-85b8-d865e2220ae8", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7812d5d7-5311-5786-a96e-0a50568d8e54", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4cdb5fd3-738c-5a02-a138-0c0bf4be4fa2", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c6e8a980-400e-5a5d-80da-d89036ade48d", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dceee800-3c14-53d2-873a-33f2a696a2fc", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eeacbc15-9369-55fb-b544-e444fd589607", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28692b5a-b41c-5cfe-afa4-12c93e29ae1c", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-core." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.42-tuxcare.3" } ] }