{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0d6c4e3e-33fd-56f3-ba7e-0e1cfb1c2272", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "4.1.7.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a91abdca-37b4-5427-9c23-ffff107e3b97", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:702383e8-1b71-5487-b590-7339ea7b0c9a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75c68d1e-e73b-560d-b16b-82f9b66d3638", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dab7e3dd-9f4f-5909-bd20-fed8233b4add", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d93cf13-9f56-5e6e-bc47-c04ea7acb072", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f53b05b5-9b5d-53f5-aef9-5b4fc7fce842", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:124c4ba5-e328-545c-b0b0-89ca43f6a7b3", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4bce88f-3251-548e-81ca-deac26184370", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17131371-1765-5b60-b19d-6232403d86f0", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2701077-c152-5cde-a445-c4b0d023229f", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93a7b5bd-d808-557e-8415-b53dcb1a78ad", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af4fe534-7890-5ec9-9be0-c7c9eb14262b", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77179668-fd8f-5e07-b78b-7711a1365f9d", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:653dbe53-4e87-5658-bc24-9973784bbc5f", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:344c1819-07c9-53d7-8649-ae8f4ebbfaaf", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1da11c1b-70ef-551e-aecc-955ded95830a", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93d529fc-687d-58d9-9526-48508cb08da5", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c3dff43-8e1c-5987-9dc2-395df0f91fed", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c55a2343-7e9c-5f53-b473-dd039b63e89d", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ea884b6-afaa-5719-af3f-48b131f40542", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7b111c8-bcc7-5ef4-85e8-7c10557f68b4", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6b4c6a7-3994-54b9-8b89-9deac8bc017e", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23bf1292-e1db-557f-9135-5edf6bf7ad0e", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11e32df1-9ab4-53df-a409-3e1869fe164a", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66660f48-4b95-5cf2-ae78-58716d85e134", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f19daaa-a14f-5c97-bbc2-4b3a3b996a98", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef96b582-6f1b-5f5a-867c-f9ee95dd15a4", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f981dbb-15b2-5396-9e7b-685c4b2d53fc", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af7acc22-21dc-5035-a67b-d0534808dbcb", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8e269df-7ed0-5fcf-a5e8-489baf47873b", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6413f543-9554-5257-a749-342453bf0d47", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:073f75a6-26a2-5942-968a-23b53891031f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f84f4f69-9ff1-5998-881f-169c41084ea5", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad1c04d1-1119-513a-926f-55d8e1d314fd", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:452e7cb5-cfa4-52bf-ae71-c6ae9b0153d5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dde63811-022c-5fea-accc-aa6e55ca3cc6", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10293d5a-8355-5ee8-a1b5-d445685f38d8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e58193cc-55d6-5e4b-8027-94a207ac2240", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:140c9c5c-0d83-5752-be31-8dcc332d7fac", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:033eacb5-6a22-5dba-88d2-efb4014ca531", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8bc60ed-34db-5add-a519-70ffa0d691e0", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5be885ea-5295-5280-a785-5265318cac14", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00199b42-0802-5f49-8149-c3df72d55ec7", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b7ce1fc-6a6b-55fb-8432-f0bb0629481d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.1.7.RELEASE-tuxcare.2" } ] }