{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b701514f-af38-5fc7-94e4-45720ec4553a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "4.1.7.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d29f8bb7-9ed7-51b9-a9d8-13d2f39fdf43", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b603b7c4-cfc5-5cde-8e35-8984432c9d77", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71c0c18e-8ee7-53d1-897f-46330152c086", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ca3b6cf-13be-57ea-a2f6-f19e25df19ed", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8447d3e4-26e9-5c67-a3ca-342f80226c20", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f0b5dfac-3038-5bd6-a8aa-1116ffe9b0aa", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5b1c2c8-f1f5-5c9c-a386-c477045df741", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c8b56ad-5173-52aa-8742-dc30ea4cfa12", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62e4f9c9-b3fd-5837-956e-84ecd8fb37a0", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5bc48bc4-0d38-5c71-a7cd-0e83fcdfd492", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28cd07b6-b112-5d71-ba85-e0731e1bfd99", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb62eb1d-e521-5acb-8d2d-af5567cabfb9", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a602396-adde-5217-aac2-7d0f8b84dbf7", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2bb69e7-0793-5a1c-a665-8c243846b91f", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7a3c391-d330-5ec8-a2e7-c567d2a4b543", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30bd16b3-de3e-5113-8680-f028cac8a458", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45b2f4c6-7edf-5c50-bd5a-71f0ac858a03", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b45898c-ff2c-5785-8b71-ceb12f74b29e", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:156eb8d6-5147-5dac-bb52-1ae91b11cca9", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9d79deb-0206-558e-9eb2-e6fb53d428b8", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1dfeb534-2bdb-5238-a573-7526f9bdd60f", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7eb93da-a296-5437-9b6e-ded6c5358169", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c637470-a70a-5b20-b7b9-6df430e330db", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e959caa3-9712-55e1-8872-a0c87562170a", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:556e02c0-7821-5e7c-953f-6b267771f247", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d568a605-79c9-533d-ba9e-5317be102508", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c23d7085-bd4a-5ed4-990e-1faf9ab40264", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f035bc26-aae9-5dff-ba33-fea3949c4e93", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0580a300-f783-54c2-90b0-624095057740", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9572f201-5aaf-546f-bf4c-71c75be1ee22", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:147dbae2-4e60-55c3-9d04-c1d37a65718d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d20983b8-54aa-5a4d-b4ef-d56b34dfbfcd", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7d68666-ab5b-5dab-9565-91f95cefa72e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf28f08f-65f7-54fa-bab3-993a1a7a3b76", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9b633c5-d362-5cc0-8678-488f2aeb51b5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93e9fb6d-d717-5be6-bad1-c0fc42bfc09f", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6944c8f-422f-54f7-a4cf-338dd3e4b995", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1cf43a81-f962-55c5-bbe2-d6c5d957f636", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e272bac-66c6-55f8-9429-0dcef58700af", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:322f952d-287e-5641-b7ec-c0fa0cd2b292", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0da2264a-f561-5a91-a936-ff2576090a88", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:973e9b2a-f3e3-5313-b3a9-f9b7c0c44dbe", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eda8b3f6-5834-558d-b459-2d5416e02b5b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9ec6a5f-3e0a-5bef-808f-f437e7fb8ea3", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.2" } ] }