{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:f64dd76e-ceb1-51e8-8b36-6b1b3bcd2407",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4",
      "type": "library",
      "group": "org.springframework.boot",
      "name": "spring-boot-starter-tomcat",
      "version": "2.4.6-tuxcare.4",
      "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:2ffb6806-d651-579a-947c-76f82de2ca25",
      "id": "CVE-2022-22965",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2022-22965 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cd5c703c-0724-5757-bad6-215c0949c772",
      "id": "CVE-2023-20873",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6fa0b47d-eab9-5ff8-8220-fd432b6dbd26",
      "id": "CVE-2023-20883",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2930e04a-cd44-5b9c-a795-f9d37069c9cc",
      "id": "CVE-2023-34055",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b677a284-9432-57d7-abdd-eb9bd7ab13ce",
      "id": "CVE-2023-38286",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2023-38286 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:acc0a0da-443e-5dc0-90d8-5df30f1ca248",
      "id": "CVE-2024-38807",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38807 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cc11e505-343f-5d4d-bfaf-a1db5c14c036",
      "id": "CVE-2025-22235",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b64552b7-6718-5a75-ab75-5de92be97ebd",
      "id": "CVE-2026-22733",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0d89e5fe-1032-5851-a886-4436624784f4",
      "id": "CVE-2026-40972",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9ed3f0a3-957a-561b-83db-132327434e00",
      "id": "CVE-2026-40973",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40973 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:940b78bc-99ef-560b-a915-ea8aaebfcbe5",
      "id": "CVE-2026-40974",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40974 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a6b5d68e-ab31-57b9-8137-3ecca2aaf04f",
      "id": "CVE-2026-40975",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-40975 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8f7a7a10-82c1-596f-80fc-ce81dc1ba928",
      "id": "CVE-2026-40977",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-40977 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7d8f4030-2014-5e19-b29b-7cb3c1fc4a3f",
      "id": "CVE-2026-40992",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40992 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b1da73d7-78f0-5be9-83ef-2395fcc46044",
      "id": "CVE-2026-41001",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41001 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-starter-tomcat."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.4.6-tuxcare.4"
    }
  ]
}