{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:28a93350-bd0d-5784-ab49-a9f49e3e1868", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2d58c7ed-133e-5bb9-aea2-e8912229ca28", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71066adc-433e-548f-b58e-4ca23e14183c", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f600eadd-aeb2-5f99-b74b-617212131699", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68d59bda-6b32-5159-8406-f1053ca6dc31", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81fea305-d851-5155-9ec5-9c72eadacea2", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:257363da-c08f-5e46-b9a7-a07c995f06d4", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ed84ef5-664b-516a-8652-baeb2774b57b", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c994e579-0aee-5f53-9039-0a7aa50f16f1", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5062dd7-7d57-52df-bca5-3e9540d15b07", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e77bd1d4-3e17-57b6-9cd3-fec8cdf322e6", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:478e2d14-68d8-54a2-b1a2-ba26f1729cd8", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f93cd133-62bd-5f9e-9f5b-d69b1fed5652", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d806ca6-c9b8-5a25-bb12-4c9120c50814", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c00ce84-8b1e-58db-9ee0-290618822b8a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa4fa097-4030-526e-ab87-8fe7769352e5", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac22e936-496a-5820-b848-c607d8a10e2a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cce6df9f-7cc1-5b85-a83e-d95746c4951e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f815719f-3018-53f6-806f-2c014b9280cd", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0877642-05a9-5c56-a051-36144687bbfd", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:decde721-6c68-58d7-b7ce-28fd0da86aeb", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0e582ac-90f5-51d4-b579-26489805405a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:058f18d0-b93a-5084-8bff-c64a0386b1da", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c8a67e0-e9a1-5963-af99-86aa948e9c7e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:59d01d9b-992d-5bd5-8a58-76690a3d97d4", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:420ee156-8aa3-5c3c-8d81-0bdb2e9fc0d1", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87a3a09a-d830-5d09-8dcb-c331324bcf90", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c7c5e40-a9f5-5e92-b619-4708cb148504", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef31712b-006a-5ae7-9b5d-7770360e231f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce5c50f2-45b1-52de-a6ef-89e060f80fc4", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b84d9842-1c87-5d2b-9e7c-d6229a93a383", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:469f5680-fbdc-5f77-9c81-d30de0c9de6a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05971492-b003-5b49-a5f4-274c7bee78e0", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef06f278-662f-58c3-a789-0c700e6dcba1", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:737b030b-8519-5bc1-b74c-8bad70371d5e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f8cf3e9-0d47-5108-8f02-b3048e316216", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9db60ef3-47f2-5a25-a8cd-38e7c414cdb9", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e27dbb8-19b7-5d4b-9ebd-aa6f2163c1e4", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0503443a-2c55-5c03-92d1-1a8cc3735de0", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:856ba85d-4f3c-596f-977d-0104df1b22fa", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc9a2684-6c25-5184-b859-871b30505d9e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.3.30.RELEASE-tuxcare.1" } ] }