{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ea7303b1-67ca-55b2-ab92-f60c6c20120f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-i18n-es", "version": "10.1.42-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:334d2feb-0f4f-55b5-85f3-caba27c748ce", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:13f42c41-c0c4-5d3c-b15b-a5ab0e8f69c9", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3cc05170-7892-5d12-9be0-95b1926cda92", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aee72495-78a9-5bc1-8f57-ce03fab85ffc", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc1f493a-dd50-5148-91eb-b66fa38f970d", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f496325-5aba-54d7-a137-4e37b4ab39fa", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5bf9116d-e8da-5bcf-b460-bf3cbf585196", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:477365d6-4967-5ae9-a753-bb5d2a8fa430", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:464a6cef-4351-5c62-a263-53d541f094cb", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e1f722c4-f81d-5556-81c2-3ceee6ade594", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a921b9d-0b01-56bd-9838-45628e4814d7", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6abe669c-b8c9-50f2-8b00-e5d3138ef57d", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c830c85-5689-5f31-aee0-9975481224db", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15736970-90b1-5f59-8f6f-070ef42d8431", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:afeb7e46-8187-554e-88b9-15f1b2b40b17", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e107f033-9ba3-5e65-8070-8a48532cde60", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:52c44d16-27e9-55a4-ab43-be0f2d9b23a1", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7dc990fe-9a7a-5b08-a86a-09c4f9a2863e", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42ed9273-3a9a-5c3c-b9a8-6b7376e9678e", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aacd8527-39ac-5de8-a1c6-90a6178eb2bb", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6180b87-74c1-5401-9c57-2c7471553171", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e40254fe-7dda-58d3-9926-260beef5a8a4", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32b57ad8-fd61-5c41-9ef3-90a4afd0cc71", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-i18n-es." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-es@10.1.42-tuxcare.3" } ] }