{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0fbe57ff-2c93-5127-afa0-2362b395b024", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-data-elasticsearch", "version": "2.6.15-tuxcare.2", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bc450a51-b752-5d16-85f1-18f417f32b6c", "id": "CVE-2023-34055", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34055 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0ba4edeb-5cd0-5b61-b9d7-a66b8a0c1de9", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e06c9fd0-675a-5686-b3f0-8dc6908bcaeb", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4d01b8e-4695-5bd4-8a81-493ff6e8b024", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4533d9e4-697a-58aa-9385-21a176488a57", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd04fc8b-0789-5358-b125-f7ccf2f0f2a6", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d84908fd-e635-561b-9adf-3626ba0e11bd", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3ae729c-e110-553a-a831-578af14e9fec", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d2526d2-ee41-5e39-8744-6ebd21ffd75a", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:888076e1-a834-5789-9510-dc5d1cbfa987", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82fb39ad-0172-58d7-9918-da66a5593288", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@2.6.15-tuxcare.2" } ] }