{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b38e7e81-adf3-5269-80db-724676303201", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3", "type": "library", "group": "org.apache.tomcat.embed", "name": "tomcat-embed-el", "version": "10.1.42-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:364ec318-a235-503f-9d09-bcbff1591d63", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c6aafa3d-936c-51f4-b87a-a771d326b0a1", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:35fc90ca-5044-5f0d-88c2-ec8cc1f0b899", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8964412f-214b-51c6-8ff6-3557f7f4fa6d", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc5e138f-32c9-5dae-b6ec-2f255a7f9330", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8da60e35-6d5d-58b2-b4f7-5af8a9693803", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a6cb2a61-cef4-58f7-ac63-8ed73ba0b229", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80843774-bad4-5da7-b140-58f00d45e982", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9892c12f-2d98-5efb-9e52-bf3fc87799c6", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f1d9f88c-ff81-5add-9d7f-c7ed06040f36", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67137c3b-b59e-5688-b002-ba4c4dba6d6a", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e489c440-e987-5517-b4a7-d9fa2dc69c5c", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e26273ea-6504-59ba-af7b-4f4023849ecc", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe01001d-6f94-5d96-ba1e-23052c2b863f", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5dd38fcc-a43f-59fd-a009-13f1e07e3e81", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9a3c1f5-cb91-5ffa-ad2e-2c51c643e1ae", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32518fdd-e431-5fb9-a089-0cabe6ffb8a2", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42993846-04c5-5627-9f2b-9357cf35d5a0", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d87cf8b0-84ee-5762-a74e-e3abbee13c91", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:41733296-3d50-5a78-8763-0eba40d2d127", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1374f268-48a7-5a49-8b46-d2174a27bd37", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b2606a76-8a1f-5c46-b083-a63047bd605b", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dc5f836e-94bf-566b-a674-0eddde62e504", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.3 of org.apache.tomcat.embed:tomcat-embed-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.42-tuxcare.3" } ] }