{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9cb84248-5027-593d-92af-daa2da3af9ca", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "4.2.9.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d753091a-4722-5807-942f-cec9111feb7c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49d91303-56be-58ad-94d9-caf35b8af775", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e728bb6-9dc2-5be7-9543-7919fac9b2eb", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ee9e5da-e8e1-5283-952c-d34c635df140", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:247e9091-5751-5b92-9325-64a174e1fa68", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ddea74c-6b24-575a-9879-1a2d97bf6ff8", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ca6ead7-7cd4-5305-8982-457914cca765", "id": "CVE-2018-1275", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1275 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84466769-8de4-5260-bcdb-b1ba28a08335", "id": "CVE-2018-15756", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-15756 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d5439ca7-c802-5396-a1d8-2e9454e30b1e", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2851e94c-436d-59c8-9944-3b5ff7736234", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0186e18f-ad90-5c3d-ab69-e8c29d560a22", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cfb00baa-ff53-50fc-8fa5-7b8ab9626cfd", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:522550d3-5d2d-5a83-806d-6de2a7ebceef", "id": "CVE-2022-22965", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22965 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c727bc0-49bf-5afc-9ddb-8454d78cc08d", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e601a92a-06ab-5972-b50b-f0f28a9195bb", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b465ea9-a07c-55d3-8ff2-0079049d87de", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82b3a763-f15e-5dfe-8c5f-a3c98bd77c0c", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26bc037c-2f09-5e7a-b945-43d086d4a62e", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe94d50e-33b8-5060-9a88-b7ef1cbd3f29", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d59766d6-7664-5133-987c-f81c0d86b90e", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c576e27f-a300-5671-b858-410423c8083d", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:273982c7-24ea-5b14-b02a-669618bcefd3", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71eb3935-424a-518e-91aa-54d8ea740a3f", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:faaec786-c66e-5c09-82c7-0c73e98a41a7", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d95791d9-697a-592b-8f91-1ea1d38e2aac", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ada01566-5a7f-587a-8568-9f1515cc0271", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:580c6d69-7a18-5e17-84c3-123627a8049e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43e91739-c7cb-5ead-82cd-b86237e35900", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58149025-d765-5f80-8f69-422b9d9f1e6d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6ab2cab-32bc-5633-896e-1cbca089c704", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:091b7d90-7e6d-58f0-8234-91fe79668eb3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d2e123f-5453-5847-8cc8-5f2c216f089e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e783fcc1-c84f-5c63-a0c7-9affd95c7503", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9035ddd-2f48-5881-8d9f-518ab3e8997f", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4febdaef-c1ea-5a2c-9061-8f875cecfa2b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96c646c6-9568-58c3-a289-dc27a96636a9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a8994e43-8c67-5ef6-8f03-7f4c5b308cdd", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:437d87ab-91e3-5a2f-a65b-6d0a78c47714", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:668642a1-3d99-554e-a1a9-4b1006d95ecc", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:796b2bbb-bb23-58ff-8d9d-5eb0a5e2ca05", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76ece4b5-fb66-53bd-b653-cd0992394869", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:55b6609d-f83e-526d-a212-c64bbd40a033", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.1" } ] }