{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a5b99fe3-1fb4-53da-af93-2d97a8e9e30d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-ssi", "version": "10.1.42-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6bcc33a3-7b3e-59bb-8878-6f501c129946", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82c1ccef-63ca-5756-943a-3a5a277ccd5e", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd38c57a-70ea-567b-923d-892e35ab5bc3", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38c4f4b3-127b-523e-8b90-c534cba84786", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d73827bf-574f-58b4-872d-0d4dcad3627e", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d773a912-8479-50e7-9e00-c485b3807258", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82911f8c-9432-5860-bedf-3e349af71c16", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:36bf55d8-77ad-5977-916d-c2e68191e625", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:10582b94-87c0-56b8-8add-4f0961b35b59", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7d384de-fc3a-57ea-816d-313ce9093a96", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a415a0df-c370-5c99-b993-fde0b1b920ea", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d5cdf9b-8b9e-5aba-a2a0-df913f696fca", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7eb8eb0b-6079-507c-bad0-ba08aaecc3f4", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:999fa9bb-de68-53c9-a80f-97c15147cfe1", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3f7e9d8-2d61-5914-9ed3-9dac4536fdbb", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab1372ae-8000-5ec2-bdd5-d320602b4340", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a69c6fed-e8ba-5fb9-b211-f5d92171ee2e", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce80994e-8b72-53e8-a740-9d874640f2b9", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffab389f-a39b-5b48-879f-24bab123a8de", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45209afa-ba16-541e-b5a2-dd2f095a0101", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e24c3343-c1bf-5f9f-a657-d2703840669a", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a19768a1-8c0e-5543-a422-8579a8e7e701", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c29ee33b-0441-5d86-b60b-2c0d87ac1d56", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-ssi." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-ssi@10.1.42-tuxcare.3" } ] }