{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7e6b2f31-4474-5249-9655-d8b5745a319d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2", "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-spring-cloud-config-client", "version": "2.22.1-tuxcare.2", "purl": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:10df74f6-7632-5663-8f9d-53ff2638b083", "id": "CVE-2014-8180", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-8180 is a false positive for org.apache.logging.log4j:log4j-spring-cloud-config-client 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2cf7e317-26d9-5e8f-a0e6-b8d869f4b82b", "id": "CVE-2016-6494", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2016-6494 is a false positive for org.apache.logging.log4j:log4j-spring-cloud-config-client 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c015413-1dd3-5f57-9b13-70c66ef5c495", "id": "CVE-2021-32036", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2021-32036 is a false positive for org.apache.logging.log4j:log4j-spring-cloud-config-client 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e3c37e8-3259-5f94-ad89-9f43e6fde24d", "id": "CVE-2021-38295", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2021-38295 is a false positive for org.apache.logging.log4j:log4j-spring-cloud-config-client 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c94c26f8-a491-5e45-a049-330121ecbed5", "id": "CVE-2022-24706", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-24706 is a false positive for org.apache.logging.log4j:log4j-spring-cloud-config-client 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54cee23c-1e61-5f40-81a7-18f0c8dfe6f1", "id": "CVE-2023-26268", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-26268 is a false positive for org.apache.logging.log4j:log4j-spring-cloud-config-client 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98b063e2-7b2c-58e3-87bd-403451e715fd", "id": "CVE-2023-45725", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-45725 is a false positive for org.apache.logging.log4j:log4j-spring-cloud-config-client 2.22.1-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1787343-4d2c-57f8-9066-ec9f0a411f25", "id": "CVE-2025-68161", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-68161 is fixed in version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:50a72de0-9a37-5be6-828b-c104a0f7f3fb", "id": "CVE-2026-34477", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34477 affects version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c03a7730-2e28-54cc-b21b-bd712d003907", "id": "CVE-2026-34478", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34478 affects version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db594ce4-540c-59b8-a5e4-6398c9aabcce", "id": "CVE-2026-34480", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34480 affects version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13dd86d1-9455-5d4c-bcfe-ba5dec6b093b", "id": "CVE-2026-34481", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34481 is fixed in version 2.22.1-tuxcare.2 of org.apache.logging.log4j:log4j-spring-cloud-config-client." }, "affects": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.logging.log4j/log4j-spring-cloud-config-client@2.22.1-tuxcare.2" } ] }