{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:56ea77fc-523c-5a34-9b76-ef2233cc14eb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-jakarta-smtp", "version": "2.22.1-tuxcare.2", "purl": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:60f52695-a5f8-59ac-9ee2-10ddc4d1b3c8", "id": "CVE-2014-8180", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-8180 is a false positive for org.apache.logging.log4j:log4j-jakarta-smtp 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fd323bd-3000-50d5-8df2-ad8fa83c528c", "id": "CVE-2016-6494", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2016-6494 is a false positive for org.apache.logging.log4j:log4j-jakarta-smtp 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99ccb456-d630-54b4-a02f-f0fae66ece04", "id": "CVE-2021-32036", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2021-32036 is a false positive for org.apache.logging.log4j:log4j-jakarta-smtp 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e118656-12fa-5127-8db4-9a19481d7d73", "id": "CVE-2021-38295", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2021-38295 is a false positive for org.apache.logging.log4j:log4j-jakarta-smtp 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97291bff-39f5-5e67-bf2e-293c8f8e5e5b", "id": "CVE-2022-24706", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-24706 is a false positive for org.apache.logging.log4j:log4j-jakarta-smtp 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb4e4b25-31e7-51e5-beb1-192180cc0d14", "id": "CVE-2023-26268", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-26268 is a false positive for org.apache.logging.log4j:log4j-jakarta-smtp 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e1132ea-f29c-5209-89ce-6ca24d475681", "id": "CVE-2023-45725", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-45725 is a false positive for org.apache.logging.log4j:log4j-jakarta-smtp 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e11352b2-2950-5b20-9e26-b6c3f0508c46", "id": "CVE-2025-68161", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-68161 is fixed in version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6f2e9a4-e7ee-5635-9be7-d128c4084b94", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea6f7525-65d6-5949-901a-691813a002f7", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:350b2a47-97d0-5480-8938-f6456708b9cb", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9509c298-9288-5e1c-bcb4-ca7d72a16a26", "id": "CVE-2026-34481", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34481 is fixed in version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-jakarta-smtp." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-jakarta-smtp@2.22.1-tuxcare.2" } ] }