{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7c1902cb-acc2-5b6b-af5c-e5d0fde488ac", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "4.1.7.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7f8641b7-f755-540a-9865-cb552afcc5ab", "id": "CVE-2015-5211", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5211 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0d0aca1-5fd8-5e24-a929-dbd11df624fe", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fcec9b8b-6392-5a46-bee6-fc7e8e310c65", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0739a22c-409d-531f-9d9e-e52c4a15665a", "id": "CVE-2018-11039", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11039 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a801a614-fa23-5c12-a870-08d053b2ca37", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c607a6d-6e04-5d06-b2b6-d14a86477053", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c591a33-0bac-5af1-b474-97cc7d53e290", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a86ae148-cbec-5c38-9f26-f4d04d9e4600", "id": "CVE-2018-1271", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1271 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1457b2e9-9c39-54a9-8af6-61fa92877efa", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8573067e-055d-5d44-93a2-a32ea1e014d4", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23560d6f-a78e-5927-aa5f-3ba52918e9f0", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67dadaad-b2a2-5b98-92e7-5ae12a5b95ef", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e52137f-f6f9-5495-bb34-aa7975ad829f", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:242662dc-fb84-5ae5-9320-bfa8a9bd73ed", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ac3c04c-c54d-5f77-81c2-011f73640c3f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e78fa05-c3b3-5441-b9b5-af3322ed38e5", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7e01518-373a-5f97-a1ad-b7870db4259d", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9ed59ef-954e-5562-91ba-3d278e03df4f", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17303411-7f95-5fc6-952e-6e57db224ddb", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be5f2ede-bbb7-5414-9ed5-79e918057ae8", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:834f3401-b5c2-534d-8fe9-43ff5ca5461d", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b13e1f05-cf53-534e-9b3d-9a313cf8fdf9", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bed488d8-5c64-5453-9719-395f8b963836", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15430689-3875-5c93-ace0-15b0980e9959", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c799395-5258-5f0a-ac54-4c19c342c802", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c2b9cfe-6b14-5950-bab3-4a25c0eca14d", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db81c046-b599-5d12-90b8-c46a0da40575", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9875785d-6aaa-5775-a920-147ea72f8347", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68c3e924-99a8-51cd-a3f4-374e7c46e5a0", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0715015c-4934-56e4-b312-6154b1009eb7", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1655ef5b-3624-54f6-b128-3747ee7d3560", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8cc0efef-eb07-59a9-8a6f-c280da43ae2b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33ffe594-db36-5a72-afcf-76fc450fa115", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2743feb7-a245-545d-a94a-8c02083ebf38", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14d5c694-d71a-5c94-9d2f-a781b229f05b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ef45160-ce3a-54ab-8c66-82d8f2e90206", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:739dee24-54cb-55e0-ae8e-8bda31226274", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e09ae60-36a3-5e5b-af81-f5c2580c50ff", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2fb011c-4f5e-5d67-99a2-0997540f8c52", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62bd7f6e-b5c3-5e28-9929-edff00ef9830", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:035565b5-a627-55bb-b54f-2d68b1585b81", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c717884-6a21-54ee-9401-9d7371eff80a", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37a20a54-18e8-5f93-97a1-f31431003457", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea12ec5f-a140-593a-bb0f-e048280c688f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.1" } ] }