{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f6e494c3-e5a9-5323-b6e7-3a10b1eece78", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "4.1.7.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d28a442f-b812-5212-9053-d299d7eda706", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6920e714-313c-5474-95f7-0f470cf12891", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18ef0a8c-207f-5441-a9e4-034e0317d97b", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3930bf86-8b6f-5c6d-82aa-c938a588a92b", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3f7d36d-bcc5-593e-a651-cdaebbb74f73", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7dd531ee-0db3-51ed-ad08-f51a84fae4f4", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ecde338-880b-514f-8f89-1b2d0eed3323", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b44cabfa-fdcb-5822-9d09-cc481cd2beae", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3bdce80d-f848-51f1-a634-b151c063ea46", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ebec3d8-895a-5818-a4ce-7601ff3b299b", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89a5258e-6e9a-5f0d-9738-068ca9d3b665", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad097679-083d-5a56-af0b-ec9b8d2da95e", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c515adf-2879-5091-a673-105d3f1a4cc1", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d2d43ff-cc89-5b60-a2b6-579314c33245", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ceac46f5-5199-5ba0-bf99-fe7c229e5cad", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5dbc51fe-bccb-5f5f-8971-00ff8c763236", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e709effd-b782-5f7c-843c-7be07ae0e8bb", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f77ddb5-c901-5996-bfd7-eb728843e809", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a97a4cc-944e-59b1-8171-8b4a9b9a883b", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23c8f560-6fe7-528d-9215-6f6fea4bf392", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b67d1a5-6e0c-5239-a4fd-d577d1fe0721", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d3fb173-2ef3-54ce-a270-201efd101fd8", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27d39b60-6458-59dd-aba2-0ae385060779", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cd4e69df-b819-58d5-a6c9-d18f61765703", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f7781fd-3938-5436-bd38-439f2de167b2", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:201f22b7-3acc-54dd-9335-f40c9ecc2b04", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0c7d380-f818-5fbc-8721-e99ba18594e3", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c916a009-11a0-51d1-9aea-673867e76599", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9a735ad-4dc8-5f51-966f-708c1c40d231", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a7ff57f-0c5e-5508-ba2f-f47b23d92fab", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ccacfd7e-3ee6-5043-837d-87915a16291d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c941161-c64a-5946-ac06-9acb4f113812", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b4bf892-80cb-5757-ae25-b2c470e28562", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d336b0c4-5913-51b9-a851-54097d1154da", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26b6fcf8-b9a2-5dc7-9b4e-937459eded19", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57c6a88c-dbfc-5695-be1c-2ab697effa6d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:beb84e66-4773-5c4d-a8c6-53d406d568a1", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b26e2bc5-4aea-5363-a16f-ebee2e2d3a5b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eeb87844-6ddf-5040-9d34-eb3d378eb8c4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fb4e8ab-6af8-5270-a695-c30ec3a34e3c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d7517309-880b-5e7b-9a67-483ff3492ec4", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f132f30-cf2c-5234-b5e7-7ed62c6aa263", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2b2eaeb-5937-56a9-b856-dc7d28cb605f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e5da5cb-2466-5871-af4b-e77d184f66bd", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.2" } ] }