{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c950440d-df0d-55d4-bc80-2b6f7ab097cb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.2.13.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ebaf0a97-676c-5149-b965-ffd50ff5c570", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a24223b6-a565-5b1d-a1c8-efe6db26f8d5", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3083d9bf-ed9e-5bac-8343-b4dfde722023", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8ae260c-0691-5b8b-b0cc-f3a8567de7a4", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d20da842-ce42-5442-9d2e-5ab83f358c36", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4859ebe-33ff-5c4e-b867-422ace8ebcf4", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c452500c-2bdf-5daa-aab2-1d80b19b1345", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e10716b2-1276-5716-9b82-6bf2e40d6a4d", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:155e9a57-9e60-5ea9-821d-80f90bfea7b1", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74cd676c-2120-5259-aecf-61f790716e6b", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c355aed-8c6f-590e-bdff-1c079ab600a4", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:83a3b20e-f923-5f65-bdeb-5afd5211461e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0c62a281-cf54-50c3-be18-9996a12b1b8f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40d85662-e597-5e82-be5c-d8b64a81921a", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8097e9ce-643b-5a27-abfb-e652c784f756", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5f2a358-9656-595d-a0eb-fd0cd3d7f7a9", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b3dea4b4-df6f-547e-9a42-c9e40b86e81d", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af7f45e6-150d-5120-88f8-3d6cd3bf3630", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:129668a9-604c-5af7-8a02-eb19a094d64a", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ad74ab22-80ce-56f4-ac4a-9c9381412873", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0596c157-b572-5a79-8634-5c00994691c0", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe44698c-761c-5a3a-888f-18fd79ee4c2c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:572e56b8-addc-5ff2-b14a-0f19271b7a74", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d8bbd75-b7ec-5182-be49-3c618b0c0d35", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e7182cf-62ee-5941-8008-5fcf4b139107", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:689e4625-5823-574b-9347-c26199f61c62", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e206050f-e0d7-5001-9138-2c7238cfb025", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a047c6a-9248-5958-9a4b-ade74b7e09de", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f96c8ba-e460-5622-b678-cdb1848ab95c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9caf55e8-ee58-55b1-806f-cbdf9365253d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c70db2ed-789a-5985-8e51-732a873735b3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:98f5755e-cb98-54f5-ade2-2178c547815b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:20c5aab2-32b7-5d69-8a67-5054a351289c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eba0e3de-4596-5a84-a34e-bdb2f4949ba4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f7f89943-b07b-5b58-b69b-a8b6175fa670", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47046ca0-6282-5fcb-8656-267cc9060046", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb3a8ee1-e4d2-58be-8420-2388b89721c1", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e8396905-bb68-5623-b254-dccf5b20a466", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5cbbe158-3e7f-52e3-96fe-e47c3564a5cc", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dfd7c611-2649-5fbe-a18a-f5970d4bfda9", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c1cdc68-2b0f-5d5c-a828-cb363ece2bc1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be1d35f8-605e-5789-880e-4e4e83da05db", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a92fbabe-3970-5818-ad4c-ad5f3b99f70f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.2.13.RELEASE-tuxcare.3" } ] }