{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:504bb347-5ff9-586e-b925-bde0612876fc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "4.2.9.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0efb7d7d-bdee-55aa-87a9-33b0da55830c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16fb2468-3db1-508c-8a20-bbd133a3f466", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b97a188e-0ab3-5b80-a581-bef59ead05ae", "id": "CVE-2018-1257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1257 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2cb1caac-fea6-5465-b08d-cecf82402265", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9431ebe0-0a79-51de-9f6d-8371c0fd267e", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ce693a5-67f8-547c-b28a-9a5784a794d7", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4249c24a-d2f7-564b-ab28-078ad91f77a5", "id": "CVE-2018-1275", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1275 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b290479-2d32-5d26-a115-490a193fefc7", "id": "CVE-2018-15756", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-15756 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c2e35bd-7ecb-5b01-8c70-6ac96a3826af", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28b8e00b-6684-5238-b43f-f3d7c90feebd", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e38678e3-5622-5b95-890a-1845a048eac1", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a49ce5c-f6ba-5deb-88e2-5b951632116f", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1ad9fd6-adfa-5db7-b05c-02e54b445382", "id": "CVE-2022-22965", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22965 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cd504abb-ea69-5644-b74c-a05cc3b08bab", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00187c13-feec-50da-91eb-95f894d853e2", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20e8be27-3089-58ec-8c79-750656f5e2de", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb13d2cd-6cc2-5d1c-89e0-751b3a10c8b6", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfd4ea1b-88ab-5d2f-9cfd-55477dbfe853", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ee89813-7cbf-5c9b-bbc9-f9639bf4d650", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b2c0912-bbcf-540d-ac69-4e75fb4d3bd7", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4fa378b-ecb6-504f-8826-cc6e0a60c41d", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:494f9978-7d00-5da2-9543-b6cefb703ad1", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:289679b4-df1d-5815-8dee-f9e69a0b1b85", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a55ea1b1-445f-5c31-8616-6133fa2189f0", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:805c4d2a-5dda-50f3-a8b6-98418452f3c0", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67bfa63b-e112-5bda-8355-ad149b09aa98", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:96516a47-f532-565c-9758-a1688425a08c", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5936d2b2-adce-513d-8144-033c0f7499db", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfb95a5e-7531-5a37-afc9-0eb1e6991dd6", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:938e60ce-5a9a-5846-a695-1970b73d2eba", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5bbb0dd9-f404-55ed-89cc-62943d850072", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99f8dca9-2254-555c-820d-a1a0d2b4e537", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f47f0dcb-33ab-5e68-9adb-cf716ed0ddec", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5bac0069-c94d-5726-9ea7-7d4b82e53528", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fcfb6a5e-3e9c-50a5-979a-710c6a73eae5", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a975e417-2b6a-58fd-9710-ee46d1d76470", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5b2bb59-3e39-599d-bdef-80e50e3c0aed", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32782687-cda2-50c3-83d8-da0e70814c48", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ba6c2eb-64f1-5779-8090-1bb9f5f515cc", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a8d610a-34f6-5276-bede-8318490900c3", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fb721b6-ef86-5eca-948f-5e130a9d89b9", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f1b6a63-1c85-5277-9787-3c620755bb45", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }