{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4a59f048-7a5f-5fcf-a6d9-772d0669cf60", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e1ddef7a-d0c3-502a-930c-d295da1cb743", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:545af24a-318e-591b-977c-b17376e1eda7", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83db9d58-125c-5b87-8669-19f1a63e7718", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c1bd750-6f36-5145-9230-2334605e4468", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fcf436d5-ec1b-5931-ae7f-45b7d2c03b67", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2cc159e8-45c3-54e3-a12e-78ebbab0b7e0", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cd169c5d-6069-556a-a6ba-f31c0453f226", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e6bd759-cb20-5197-b203-d6c061e49ab8", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89783975-e8eb-5b33-a82a-1047b8a4eeef", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db019aac-09d4-5e5a-9bd7-0ebd8c008eae", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a99ea749-6cb6-5730-af08-37144370ff24", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a3a4d30-cc59-5776-a048-63a710d11ab8", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5bf99ed4-76b6-5ea5-92b0-89c1d4e0c379", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a5a5eab-9e5e-5b9e-a149-cb13d04be03b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfd9c20c-4a72-5e3b-a8bf-5cb24fa9df29", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b673213-d17b-58c5-8069-d92c7ed2576c", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27a852c1-0da1-5d68-b15d-c00c9c4a4ebb", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:343f8336-2eab-5c30-a402-b379c36f8cb3", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9606a03-9ff9-5954-8e58-f57e9cbfde98", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cdade075-9aba-5078-9e0b-90088f3b94d1", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:267878af-a8bf-5463-8006-b99197d69de4", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc4f4e60-e774-5363-8343-55e743162de6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2939bb8f-2983-51e5-84cf-dbcb13e129fb", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8db1f7d8-15b5-59aa-9119-7e8f4baa874e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3200049-8afb-5b93-aed3-bc96f26f29a6", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aad0a401-29d5-5a2c-99d9-66d66add7cd1", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f02f863-e265-5e72-bca7-85c614b19612", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42c41caa-c4cf-5bb9-8134-c34d9a22ff76", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:61b5996b-293a-56c7-8825-9fd16fda6d5a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11858ac1-f0c0-543d-8f25-07f275a35925", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b14b0e1-9ffc-5f54-8179-e440cedf9535", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ca93fda-5d89-53ff-84b9-710d077e1fd8", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bbb1987e-f012-5495-8780-21dc73e04f1e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76786d63-cd0f-5cfc-887d-04b3390f3bc2", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:631079c2-1fe3-581d-af67-43870ac01feb", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be77cf65-b0ab-5d01-bafb-647b5300c255", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fb4eaeb-b54f-573b-8a50-3c26ac37937b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38e64b41-0d11-51f9-a0de-3a760e3bc565", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73b1cd9f-e639-5bff-901b-99175feffd34", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f36cc7d7-b339-59ec-829e-524658accd2c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.2" } ] }