{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:120c2930-380a-5b5b-ad21-c8223591cca7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "10.1.18-tuxcare.4", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:715b6801-15f8-5c87-98cd-b899cf7903c4", "id": "CVE-2024-23672", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23672 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e0378841-d96a-55a8-9fd1-056ec93d8b00", "id": "CVE-2024-24549", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-24549 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:01172736-40c6-5baf-829c-4e6ffdb05b8c", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4062c058-f639-597a-ac14-f94e380bb719", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3c11eba-6700-5433-842a-c427da15f333", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7d871cb4-e1a9-564c-94a6-95cbed50d0f7", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d2be8681-4930-5e2b-b6f6-46d6957fd23f", "id": "CVE-2024-54677", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-54677 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4cd233e5-b222-5b78-9544-1cc62e0b52c5", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:84959115-9b97-5644-aea7-644ebeccb6ad", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:259ea9db-371e-5b2d-9010-08b86b699465", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:47f621af-8083-52ae-a5ab-12c8ed206b93", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:59100c08-088f-5835-b7ed-e16975bb4be1", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4925a482-2c8a-5e0e-a35c-6e6c50bad244", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8fe03271-c3d7-54be-a667-5db8d8a81fe2", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74c9aacd-00e1-5d7a-837e-0319d2bc7351", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fa602dc5-9efa-5e83-8134-7a68e888775b", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:34ea2d66-aa76-562b-ab54-3d96e3dea1b9", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1960d115-eb41-515b-aafe-0207eb8da2b2", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:723e5f9d-5e1e-5851-a377-9bd4618aface", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:788e6735-cf50-5252-9686-7a138c9c3199", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cca97052-5a6e-5139-8e9b-7c7850bbded1", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1b9f1397-a471-5377-927e-acec3f0b9531", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d0a1d66b-5400-5480-b7a9-98a98571c954", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5509d4bb-a19e-5c40-80f9-d558d217ee94", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d6e8f558-ac7f-55b1-a419-5ab0dad97506", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3e142a83-e9ad-5a33-93dd-153084149051", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d8dd12a-fe30-5b1c-960e-4c93646d34c8", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16b1a489-7e65-5b9b-b307-93f2241b5d8d", "id": "CVE-2026-29145", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29145 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:045643c0-0a43-57cf-9b90-d76483f85953", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b824a7c8-726f-5e16-8cfa-1311062dba7a", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:433ac544-1088-591d-a4b4-a71d7bc2c7ad", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c316340e-f564-5875-92fc-40f95e5d4fd3", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:99801c80-53e3-5cfe-9299-e5f4df9fb34f", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.18-tuxcare.4 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@10.1.18-tuxcare.4" } ] }