{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e14d80a0-01ce-5d64-a240-263178fdce0d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.87-tuxcare.6", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bcfe93d1-e288-56b8-bf3b-2028520b9fec", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:14ffd4db-12fe-530c-9018-945e0bfeb71d", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8d497329-a43d-5c72-a3af-e5ffa725354e", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e1f8ee25-acce-527a-8757-f2bb76b6b70d", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1687af4c-c791-59ad-a908-0b5c0347e193", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7b0e87d7-ce9c-511d-8cf2-e4aa3156bf68", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:185b2ca6-aa79-5392-a912-f660ad645d8b", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:48286d9e-2306-52c1-9018-13b05fda7067", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3fb0e283-3f39-514e-850f-b7cdbd02cbf5", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d94ab035-77c3-5d8c-8479-18fd74a0743f", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0160eaf7-d219-5c76-b7bb-892dd1aaafc0", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5ca4a7ec-49d0-5c05-8bad-6e7af6e7efd3", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2dfdaf8a-2467-55f9-bc7a-9c300585ad8b", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:33176d82-0450-5ad8-8fd5-b517f686d2f6", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:763bdd4a-2ca8-585b-8a6a-c05b4a4fb06f", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e4b4d8e5-0f61-58b4-b19b-d44795d724a3", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5447f973-bd2a-5303-87e5-2709ab70558a", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:90c82a9e-7197-5e0f-acb4-7eb456bd02d2", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bbbd10f1-1c8a-50e3-b20c-883548cd4f30", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e1bacde5-88c4-54d7-ab5d-4297badc6d63", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:80667dd3-4645-5865-ab47-f5a9749a8a33", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8aa6a953-321d-53a2-8302-3e2feed7e14b", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d259127d-a3b1-5ebb-b414-54156c9111be", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8145caed-d671-5a18-8651-822b191c6a56", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3895852b-49ad-53c5-b2be-7fb05a8c504d", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b7fbe601-1b67-5bdc-a375-11b1c49313f8", "id": "CVE-2025-52520", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52520 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3fc4c2d7-9e03-5460-a5cb-a035edaa0014", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e928dcf9-70c2-5537-9035-319d726d95d6", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2f55ba3e-1f87-52d1-a4f8-60cdb83736ec", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:89e2245b-cf9c-51b5-92a0-66dee767f5ab", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f4f996a7-8a5b-5e19-9482-b846fd3c1339", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a691befe-291c-579a-87c9-40bba4e02d8a", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e652f0a4-839d-5cbb-b1a7-ef38ac836377", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:567c958c-5bf8-587a-b325-5bb4056bfa32", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fbbbf504-062d-5079-8cdb-33787aa328bf", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4196900a-f328-504f-948a-6d27b03f1e2c", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:28c10eb9-e4f9-5429-a789-9ab702208350", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:15a1808f-1e18-5ee7-97ac-4c18c2666783", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e0e1b657-fa9f-5433-9bec-a273fd1b3f2d", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fc84431a-0775-5398-b090-892ab6255802", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7a47acf4-7b84-5481-8b51-03a7456637cc", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:93ecd009-2c96-5d8f-b081-1ca7b554c611", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.87-tuxcare.6 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.87-tuxcare.6" } ] }