{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:889a4cb0-3c02-522a-84b5-f4fff2f05118", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "4.1.7.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:75fa53da-63fc-5de7-a685-98efe0de3899", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:33770c81-81df-53ac-8700-262dc7e5807b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:268fe842-0536-51b9-a853-b1dca53fcd0f", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2c293a5b-eff5-5a08-b12a-1ccf4beff643", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6803ac1a-2fdd-5a42-8c98-1f1ccb95bbab", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e8cd5e3-ae89-5dc6-b374-fad6ed5a7301", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5c822d8-3fc2-573c-a673-981ccb166029", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce3a7df9-b312-5b2e-9efa-30c9211179fd", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6e40bb51-0693-585d-8806-434d7b306dce", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a950f8e4-528f-5236-8d4c-294fa6b3d2b6", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6b3ad4f6-c991-56c2-989e-c4cd2b593248", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c1b335f-1fa7-5cb8-ac5a-3f6a18f48b24", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec1775ff-3da9-5529-8d0f-319adbbd6da7", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:52d9bc2a-b95b-549f-93b3-9ab2b155420d", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d2f2852-8a89-570d-8fbc-f1fd6f0b99ab", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:30b79764-19b8-5f54-b4a9-f80b5827ae3a", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d491d2ac-6846-5406-a547-2fe26ec21972", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f7954bc3-3213-50a7-9d2e-1a7508fa7d1e", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e2c377d8-0850-59f2-b180-ada374e68672", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb44e5d2-a9b7-5c0d-9690-30df9b4bcaa0", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1caf61d8-a7de-53de-b9e3-2d9d6b34dc34", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f54dd523-101c-503a-9d02-26af6d9a3987", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a0792f0-644b-50e3-a9b8-b3548af9d922", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b502031-d0b6-54bf-bd53-220f8d7b815c", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a7c8de44-f436-584a-b56f-db660b66b1de", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:344288bc-fc28-53e0-bdb8-16bcafee10fe", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:caa162e8-b05a-5f92-b39d-882accdd848b", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce715b0a-1e76-513f-b6d1-ed766cc28ac3", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31537405-7051-5600-8f45-68f4fe2c6970", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ee68ca4-a30d-58e5-963f-883bbf86732f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9250accf-6e6a-5d1e-8979-e9bf009cae91", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70eba283-2041-5aa6-9907-1cb23053b041", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e2247fc-d7f6-57a0-8060-42d16e6ddca5", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe89f42c-8ca3-5cd4-808f-c2450c67756f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7506155c-f9a6-5a00-97ef-b4c9220e5495", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aed41ad8-4f84-5789-ac33-7d7969b14207", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:933e8d0c-0d88-5f74-9846-09f9343f488b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1bca4b3b-56c8-51cd-8693-8642d27e445f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ade6dd32-a8d4-5248-8977-0802a5aa6445", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8669e0aa-4ca3-593b-b306-33481ba372bf", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92461fe5-2c74-541a-81dd-c534e79dab68", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab611fe5-1b60-5a68-839a-6627da7f46c0", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9006500-f106-5eda-b900-c93f13424b20", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e9715c5-f1d7-55d9-b12e-1d282eee9e3d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.1.7.RELEASE-tuxcare.3" } ] }