{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:48f58abd-380f-58ba-ab47-719959f0f73d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "4.1.7.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:54d043c2-1724-5a6f-800e-ac0ce4b64b04", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8c4fe33-9676-56e3-8c62-6cf1291a271d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:09f7fab0-92ae-51c9-81e3-fd72050a2db0", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9b165e7b-1aad-5bb7-a85f-ffa0d1e18ae6", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bbc25384-6904-542c-939d-0d4117a43b9e", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:07525425-20ad-5a22-84f0-8d8b68e044eb", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efc2c5cd-49ff-5c45-871d-0c58166e113b", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80a023b1-a8b2-5e06-a101-cb7a4ffb0e1d", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d60e15bb-5dae-5e2d-a536-e0545518c876", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e0a94f66-af38-5b15-b344-4009b44c27d4", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:216c2458-d3a0-5557-9ff4-ca5652d61e28", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3f7e4f17-aab5-5056-aa73-5d1db87b5db7", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:154b4cda-6693-5423-9591-feb2192cec67", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:48329a58-8392-54cb-8837-a4801a045746", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c01e5087-efa5-58e2-8de2-d14013ff320e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d598ed4-b4eb-5f1f-8966-e3de0eec8845", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d4d24c7-216b-582c-901a-0c347b81dffd", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:337a53dd-9c06-5ac1-a4c9-0dae06100dd0", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e712703f-c05d-5b0f-9df6-1611269db92f", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9b7587bf-4b3e-5339-9f32-50fa421e6315", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d5c5257-9cdd-5543-b05a-578c6ae45cdc", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3966f19f-b0d9-52f5-89da-88a0cc96b7e2", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:23e3e187-42a1-5288-9ed8-e3a56f31401e", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b3825ec6-b48f-57b7-bb00-c8964f5f7bb2", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3aafa1f5-87f5-5ee7-bb70-824c55eb5257", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a0dbbfb-cb8e-5da7-bb1b-038c1ba33eca", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4093f691-8ef6-51e8-83c0-2e919ebc76ea", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:192a4866-15d9-5c61-ab68-c989efbe91f1", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:058b3c54-b8d7-5385-9cf0-73889a827b36", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb0de6f4-1177-5016-9454-61bdfac7b44e", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cf628414-e53e-533d-a5df-00c9709f14a1", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9165a6b1-e75f-5747-9a79-ee3d7909e161", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86b829e5-6fca-54ad-a8c1-2492bb602d64", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:324d8400-968f-5323-b143-e6c44ef075f8", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:44d0d6a4-7912-54ab-8b4e-fc49ffec8650", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7afff0f-9d1e-5960-86e3-3071de7aab13", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7265f207-7ab6-5ffb-8a95-901ee0c54721", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0332e93-ce9a-5250-9093-fc319d441b08", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:77133925-1ad9-55aa-905b-337909423d85", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d25a7ee-3093-5bb4-bfb5-9d81c3cfcfbf", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb3edb47-fcd9-5aed-b8ea-badd6ac55bec", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:107473ef-c630-559f-ac91-8bd93979e259", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c568ff7-ef2f-556c-a823-d5c7b8a66572", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a6c2a7cf-ad38-5b5f-9c44-08a066e4bb26", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.1.7.RELEASE-tuxcare.3" } ] }