{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:46f0067d-eb4e-5a32-b339-666ba9a451b6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1", "type": "library", "group": "org.apache.tomcat.embed", "name": "tomcat-embed-logging-log4j", "version": "7.0.109-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4a44261b-622a-5b63-a4f6-2ca38cfec724", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22049d5a-b9c3-5d5f-9bc3-b11f613e20b3", "id": "CVE-2015-5174", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5174 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6ad6ad5d-43d5-55aa-bd64-c2a05310c8b6", "id": "CVE-2015-5346", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5346 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81faadcd-f95b-5b8c-a03f-738d6c636839", "id": "CVE-2016-0706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0706 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d28f3b7-f6eb-5747-bad6-b22aef193614", "id": "CVE-2016-0762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0762 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2feac88b-f91a-5701-a16a-d5ec52f31f5e", "id": "CVE-2016-0763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0763 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83a7983c-40fc-5756-beb0-1d8ec341e7f6", "id": "CVE-2016-5018", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5018 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f228135-ebcf-5cc4-a04d-a39bc1263579", "id": "CVE-2016-6794", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6794 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bedc6ffa-fb7f-5b08-bb79-280fe99b3606", "id": "CVE-2016-6796", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6796 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16a4967f-8230-563c-9e9c-b3e710d637c6", "id": "CVE-2016-6797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6797 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a45436d-d2d0-5a73-af51-43cc222daea0", "id": "CVE-2016-6816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6816 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69a71e32-d525-5b3b-befe-458bf388cbe4", "id": "CVE-2016-6817", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6817 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20d4dcef-410f-5e45-b7c8-bda31e2f5850", "id": "CVE-2016-8745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8745 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb4e34ed-61aa-5d6b-b00f-8490cf747b6b", "id": "CVE-2016-8747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8747 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23faffe9-155d-57d2-9386-ca4e3d3badf7", "id": "CVE-2017-12617", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-12617 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32e2835e-a1dc-5989-9789-a987630e297b", "id": "CVE-2017-5647", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5647 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db55fffc-10c5-563a-9a15-75afc682d7f2", "id": "CVE-2017-5648", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5648 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:839fa39d-22d6-5518-a6be-c00e8ea75af3", "id": "CVE-2017-5650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6acb9cf6-c074-5bcf-943b-619172cfef23", "id": "CVE-2017-5651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e48e13eb-f875-5a06-b708-8fcf3ccc92cf", "id": "CVE-2017-5664", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5664 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4987c705-deeb-54e0-8e82-4e79f1b5301b", "id": "CVE-2017-7674", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7674 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:864cb9bf-f3ac-501f-8913-c4a6e6cbef3c", "id": "CVE-2017-7675", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7675 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:138e0f20-fa3f-5632-9b91-564220e4ec55", "id": "CVE-2018-1304", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1304 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f42793e7-fd0a-58e5-8a11-62d6dc03a1ac", "id": "CVE-2018-1305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fc72a7b-78d6-5fec-a786-6047584f2b63", "id": "CVE-2018-1336", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1336 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:041c1200-c819-58da-b4ab-d7ba0ea372e2", "id": "CVE-2018-8014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8014 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64940eb1-fcdd-53c7-92a5-7f6eb4fe19d2", "id": "CVE-2018-8034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8034 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d24c52af-eced-583a-8f80-01d1cf116406", "id": "CVE-2019-12418", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-12418 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b2c8d14-0749-5e85-ad25-ac25df46db1d", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a981b05-63d8-5323-813f-bd6c6a728cba", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81e82d10-f4a3-5c2a-8c75-8493a04f4a0c", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d1751f6f-7d4f-59da-b9c7-6b3377aebd37", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:985a7359-6c85-56f3-8060-59ab0ce81c83", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5131f717-af91-5afd-b5e7-45a592271606", "id": "CVE-2021-30639", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-30639 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9eeea020-f8ac-5fe2-84a7-44c9d8b17753", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02434d86-eeae-54d3-b8a6-b80ff798e284", "id": "CVE-2022-23181", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23181 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e4b83bc-7ca6-5a8a-8fba-edfb367bef85", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e2e363b-1aa2-57f8-9d93-74227260ed78", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2cd538d6-07c0-545b-b6ba-c0388ab80788", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9366104f-56bd-5f83-9160-7098c6f9f918", "id": "CVE-2024-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38286 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca8fff64-0106-5b2a-84ef-a3f626d2c06d", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e1370ef-199b-5c79-80f0-4f8e9afaf322", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d74dea4-843f-5079-baea-8d398e7ee0ec", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9437dfc9-5b5b-5105-90f5-7669325a9480", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d34eb5c-8160-5863-a919-c7acbf137db9", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5fd42564-9485-58a8-a96e-832feaa1d989", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df8b4f2c-b387-5e33-9aa3-548d46e60d23", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68389a7c-9f46-5df2-a70c-ede5452eb0e9", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9efd568b-344e-5cd5-a2e8-5dc0ff450dd0", "id": "CVE-2026-29145", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-29145 does not affect version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j. The official CVE record (https://www.cve.org/CVERecord?id=CVE-2026-29145) limits the affected versions to Apache Tomcat 9.0.13\u20139.0.115, 10.1.0-M7\u201310.1.52, and 11.0.0-M1\u201311.0.18. Version 7.0.109 is not within any of these ranges" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76cd5910-8b5a-512c-911d-27113ef90c75", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dfac8cf9-c53c-5435-969b-689cd3ca90c8", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 7.0.109-tuxcare.1 of org.apache.tomcat.embed:tomcat-embed-logging-log4j." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-logging-log4j@7.0.109-tuxcare.1" } ] }