{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fc044ec3-53a7-574d-b673-1e68d7d52db5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-el-api", "version": "10.1.42-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ac299bcb-1f3a-51b0-a070-f005fff2967e", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:276f05e3-aaaf-55ff-b09b-f3959c16ebd6", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b20fad0-1e7c-533e-a567-0764b1eff0c8", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79888686-d7ae-5f66-be1c-f20fa69ffecc", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00f3730b-5936-57ef-b661-207ec15a808d", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78ba898c-6488-51f0-af72-dda650b50c73", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b7d7ed40-19b4-5ce3-bee4-f3abf0df8a13", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d4b9210-0e09-59f9-9e3f-c845dd56c262", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a790f932-2324-5ece-917c-90087a73af36", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9254b1b2-5aeb-55df-ae5d-12904f7c0b8d", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7e18b85c-448f-5330-8d1b-4ff44b3559ff", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06f7da45-dfaf-5380-befa-4af004a0d56a", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b34d93d9-ef71-5aac-a8c1-f36371681191", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:610d181c-8691-5fd1-b087-3f8ab25a9642", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e6df32d9-d348-5c72-b75d-9711e1f76a6b", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d8d7c4d9-f161-5d29-9b02-4d1b34c1f9e2", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c07e0c8c-50c3-568b-a6cb-32e00b6cfce6", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9197bf7-99a9-5b35-96a6-bdaaace0351f", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a639b291-85b7-5f4c-ab02-6a8fcfb4969a", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e835c3e-63e1-5870-bd25-59fddba7b3c1", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:726f0ad5-6e96-578b-b3ac-f2a4d34eb29f", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5820a370-0199-5cc1-a9b8-803017a3ae4c", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17321dcc-7724-51ce-8d34-84ea14f7b25e", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-el-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-el-api@10.1.42-tuxcare.3" } ] }