{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fa7bf0d3-65be-5a9f-9715-f9fdddf94aaa", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.2.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1555fa12-5a6e-5d31-b5fc-daac854a8f65", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7ab0016-c756-515f-a18c-9284033fb0ab", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5db2fec5-fc11-545e-912a-a9d7502e276b", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe42318b-e887-5ae6-9568-caa51ce45ea6", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23e7c8fd-f714-54de-866a-46d2a1fa73cc", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c45dc592-2f40-5847-a007-635a186879ca", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01b0f8da-fa10-5a6c-9a55-d78d13ddf862", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59d23f15-7e51-54e1-9aa6-3b442f884497", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e288672-dad8-5313-993e-5e8d6a3f99e6", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5c7ff49-91ec-5aa5-a67f-4420dab2e308", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:494b05ed-ab2c-5a55-9468-28205a759131", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5f0cd5f-58f0-52cd-9b44-7191aa510637", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1424016e-a525-5f28-b001-61519644257b", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f9cf1bb-5e47-5250-99e6-a4bce19e462f", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c73f7a26-538b-5a8d-aef9-b3d9a116a8b5", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa78e80d-5e06-5951-908f-5b4b288fb19e", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:387943dd-f994-5fe3-a3d3-92538534ba38", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dacc29e1-7216-55c3-a9cc-1421c0148963", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d81de178-e561-55a1-a977-ea374ff18f77", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-orm 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9409836f-3af3-52f4-8f98-fb5b34559100", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c567d2d3-a993-5c01-91b4-1a28a39cb0be", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ab09396-4cf7-5964-8ea8-c182f60aee59", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd970d9e-4a14-583e-9557-d6383b56d425", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c64e49d-ebb5-52a9-8f0c-427b8071bc61", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-orm 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6db6c6a7-6a87-53bc-8ded-3d04b475c1fc", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06430fa2-6869-51d4-b9d5-59c388ea3f1a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1671ff4-6c26-55da-8a48-c1f550bab63f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fbb8fe4-09b1-591a-9c4d-87cc7e3c6e4e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e3cd32e-b167-5c4d-8e6b-3861c50c7ceb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4fead37-bd92-5f11-b29e-4017fdc30292", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04d460e1-4f51-53f9-a375-f7e0144d07c1", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f65c66ab-d5bb-57af-be44-6e52bfd04476", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65e037c2-2480-571f-bd19-a4461bdc2c56", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d724a3d-7328-5bef-aa3a-c2f3d88c0517", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6570d8a9-9f05-5126-9e54-3f3e645c7025", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2976d3ec-fcb5-5f8a-863f-471346f84cf7", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa6f2839-afa2-563f-8701-ef23c6f39564", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b1a6c06-85a9-52fb-bb24-9e6b8e1e19ea", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cae03a10-054d-5798-9ffc-40f9a321bf33", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb58b08d-f114-5139-bf7c-590e94cc3a95", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40eadc11-7a6a-510f-9cac-1ef899168715", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:50af89a4-4909-568a-9dfe-b13668546b70", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f68fec0-ce6b-5548-86dc-f7907d708b89", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a038ba85-ed4c-57b4-9a25-bb883853fd01", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:234e3683-0188-5564-9f08-b7503c52dd1b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }