{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b3e8e3ea-76c6-5e7c-802b-27427f3a6ed0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.2.13.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:257e173b-356a-59cc-8550-85eef8e28f61", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7583aecd-638f-583a-92f3-c174472a40e8", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35f7493e-2772-50ea-986c-664fc0f57bc5", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29017f08-8d4d-5668-a671-af4b33f54e56", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff54acd8-4e1a-52d7-8eca-982abcc1bda4", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f962504d-cfcd-5882-a340-413950899a75", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1799cf3-fa41-530e-916b-bb78e05829c7", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5cf90156-4c0e-50cb-8fc0-8146cddff264", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb7228d6-0305-5aee-83ad-df18c34e5844", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ebc5840-484a-5e68-a0ea-4416ad35c3e3", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:195aa38e-b156-5d5a-abc1-f8348e06a71f", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3837b32-ef87-587b-9e0a-9fdb8e2c92be", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1da25b2-b511-5a33-8e70-fc2cdbc71e7c", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27fc333f-7f94-5de5-88c3-8ade9bd4f589", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf812c68-9856-5e7f-bd48-24240606dc53", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c187c8b1-dd8b-5eba-bf1e-9acdba52c213", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3feabc35-c3ef-56c9-bec8-839bc6f4eac3", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f679ac2-a1f0-5c85-9168-7d9dfd97c01f", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c6b3c35-7915-5bbb-a850-38cff17307ed", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f7d252b-c0b1-564e-b28a-2976ba2d6adb", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a61ebd5-8d80-56e6-8bff-523fb0e98000", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71d79b86-00e4-541d-9f9a-ac6b5b1d085f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d20e8597-16bf-57e2-bb30-38eabcee87c1", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cbc32888-96b0-5e82-88b1-f4f0f741e448", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a67ee84a-f362-56a5-b0bd-15d7346da570", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4665b49-6b5a-5019-9920-d86d21c609d4", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35b5c619-b611-558c-9e76-f37fc0c902d3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d48774c1-22bc-5a5c-b675-7ceec2206134", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17e902be-726c-55df-b664-fe4a158ba0ac", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74cb689a-159f-58c2-903f-b048a885c269", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c80d7554-3cbd-5d69-af1e-5981a6369575", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5f122c3-5855-574e-986c-080cbd7fbaf0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e1afb0a-9205-5d93-b7e8-055bced0e082", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54ca1f97-6d94-5744-89fe-45129375219e", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85be0fcf-7ffa-5d02-850f-20a8d0636c6f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff52fa0f-985f-52a1-a3f1-bc5e22f6d742", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48715e40-3a6f-52f4-b917-fc78b7caea94", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48486719-6613-5904-8107-143d61694471", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed4d4456-6bd8-52a8-a195-b4cda83dacf9", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:60006a76-ec26-567b-bc3e-9d9fbcd535dc", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3eef14ee-e6e8-5ac6-be6f-2c0ccf69d594", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9f74161-da60-56e9-9746-a2c669ad2bce", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72bb093a-beee-5f2b-9beb-a27ec7b3ae40", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.1" } ] }