{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:15ef67d0-bec8-53c5-8077-b498c28433df",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1",
      "type": "library",
      "group": "org.springframework.boot",
      "name": "spring-boot-starter-quartz",
      "version": "2.4.5-tuxcare.1",
      "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:71ca6a62-00d9-57a5-853d-099c00230fad",
      "id": "CVE-2023-20873",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e1e27261-731d-5568-affc-f660bb3f7b67",
      "id": "CVE-2023-20883",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:22bc5eed-5d90-5072-b03e-bc2d9c70eb2b",
      "id": "CVE-2023-34055",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:317c81dc-0698-530d-b0ae-c2cf0062e5d1",
      "id": "CVE-2023-38286",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2023-38286 affects version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0901c3fa-8990-5776-8aaf-92f276cde45c",
      "id": "CVE-2024-38807",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38807 affects version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c75e1699-e99a-5e1a-9833-0508945f5995",
      "id": "CVE-2025-22235",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b92101e1-7bb7-55ac-82c9-fb840f51744d",
      "id": "CVE-2026-22733",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22733 affects version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9feae6ef-a2b2-50ce-8d68-f230dece6463",
      "id": "CVE-2026-40972",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40972 affects version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e0303bdc-831f-55aa-897c-eb14ae89d19b",
      "id": "CVE-2026-40973",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40973 affects version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bc97df47-2b3a-5801-85d2-205043a39686",
      "id": "CVE-2026-40974",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40974 affects version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3d98acd5-bd8f-5cfe-a9b6-1c32b08401e2",
      "id": "CVE-2026-40975",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40975 affects version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:563f958b-8638-5931-8234-fb742ef703f8",
      "id": "CVE-2026-40977",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40977 affects version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d73e45a6-8655-5f2f-8a69-8bb8c75fdeba",
      "id": "CVE-2026-40992",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-40992 does not affect version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz. not_affected \u2014 Spring Boot 2.7.18 is not affected by CVE-2026-40992. The vulnerability exists in the SSL auto-configuration feature introduced in Spring Boot 3.x/4.x (controlled via spring.mail.ssl.enabled and spring.mail.ssl.bundle properties). This SSL auto-configuration feature does not exist in version 2.7.18. In 2.7.18, users must manually configure all JavaMail properties via spring.mail.properties.*, i..."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6426c20c-d884-5237-8aa3-c42f2982ae85",
      "id": "CVE-2026-41001",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41001 affects version 2.4.5-tuxcare.1 of org.springframework.boot:spring-boot-starter-quartz."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-quartz@2.4.5-tuxcare.1"
    }
  ]
}