{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:060711e2-5d24-572e-964b-02bfc5e5be59", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.2.13.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9e9a528a-e9d5-50ce-a8ab-3114536dc78f", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ec67c47-e966-5024-93fd-843e209b7260", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7815640c-b97e-552b-b2b7-fc10ffc39f71", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e250255-6a22-5c0a-991b-52bf2aad6be7", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe4b999e-ac92-5867-8c83-e4b583810ce2", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69fd1483-dff7-5aa4-bb58-862701d02bf1", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01d567a5-71a6-5a12-978d-ca5d02eefc2d", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f678eb15-6a7f-595e-bd8b-93cd6b95920f", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15109a5b-fa8d-561a-bc0a-2e9ac31515fb", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76beccdf-5412-5504-bfb9-4a9bbfacb907", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:172a180b-4121-595e-8d5a-546714f71f0b", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24057a8a-8d23-5840-9b12-001e672f5245", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20f75cca-d7bc-5915-8e6c-e9bfca19af43", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:036d97e1-0c70-5ffd-846f-dc99e68ab667", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fe0ca7f-64a2-5a8a-a9bc-24146ba6c101", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:78791794-4d06-53ba-a865-1b12bf8389d1", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40091125-b825-5ccc-a385-199263faa238", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28d40e71-f90d-5038-97b7-1f952acf88f4", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:41aa0edb-10db-5ab0-a7cc-3332307f839d", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29cf5a0e-2f60-5228-a69e-e29347c435b5", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6810a86-fa61-5e38-9985-82493b6d3fae", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94dd0294-d9d3-5f5a-9991-16f272cf994a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cb342b6-3813-594b-8c02-92e2c76f18dd", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b999fd85-d7de-5b35-9458-ab28cf5bb498", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8a9c81b-ea21-56dd-bf98-6e48eb6e9e69", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b74a4ac1-7dd4-5e07-987c-2a557e803ddf", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da27f1e0-ca86-595d-90ab-910370feca5e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b96cdb0e-455c-5856-8821-ed3db7f4399b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:efc3d266-fac9-58e1-a5be-6bbd988a5200", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:789a0f69-d74b-59ce-817f-c331445de96e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2beac48-51d4-5a48-a342-d395330c7d51", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ed6ad003-bf26-5a96-a387-0df8eb6b3487", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca2a4179-6c7f-5221-b1a1-d56668cc7775", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:80118e3c-d561-54f0-a105-ac624a1d4b9a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a0d498c-546a-5ee0-869a-dca9255f4c85", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cbd50dae-267a-519a-8f9e-237751126d9b", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cde265e2-3f75-5601-ad0d-d64ba16e0a24", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df6e7b63-92b7-516d-80a0-965ba0c8f878", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ce9e66c-718c-575c-a5c4-9c031a44d34c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:882f957e-386c-51fa-bda3-c7ee584d7717", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8a20190-1a95-52ee-9803-d11e4b49def7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c247603-84a5-5e5e-9f70-b7caf4d43a36", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:559a1734-62db-579a-b4a7-60cb0c73c417", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.2" } ] }