{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a44bfe9d-3c8b-55c1-b1f8-8b8fd5c795af", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.2.13.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e0621eb6-789b-56f5-a0c9-b305658b7b33", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:21d96ae8-92ca-58f6-808d-dd552b372b93", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:12c3454e-f8ec-51bd-8330-b76c982be4b0", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bb686af5-9cd5-5ecf-ac53-6c7bada5f4d0", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:92b4beb3-9dcf-5cbf-910c-a82f895870f4", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a089b22f-1b94-537f-982f-3023fd0b1d37", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e79edccc-c9e4-5de8-9ac9-8beff148df0d", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:82a9bde5-ad19-56eb-9ade-3dbf0102a753", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8daac2d0-c647-5f43-910e-f5cf39e71dcc", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c10ad145-c12d-5b91-8e4a-2cd2e37cfe62", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:38490ca5-db61-5a73-972d-451c9eac316e", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:530866d0-fe43-5790-aa27-ac8457aba942", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:42dad2c8-2fb0-5aa9-b4a9-e037cb7ff4ac", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a129786b-68c7-52e5-9abb-85be3f09f3c9", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:80b4147c-157f-5f70-bba4-9c8dcfbb7e04", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:869428ef-1d36-5f77-ac14-0899388fa31c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:43605931-512b-56f0-b88a-c6f9d36b870f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20c14e29-abe1-5ccc-8342-1deeec1f27a6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a0f8d883-1d15-59e3-abec-62f040b0c212", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4241a50b-64fc-5326-9da4-ba0fc532b5c8", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:022592b6-f649-5f0d-a997-7f6f08d5e56e", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a34e255-f66c-5bf3-8e2f-44b5d97a5c27", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:47fdba1f-f429-5f29-98cb-5843880cab32", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:426586ff-32c0-50d0-92f2-b6679b5d3f69", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03488aa7-372e-55c6-bd5f-1ca5edc56397", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:91cd7d7e-211e-5370-9b29-bda839984096", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bda56de2-6c88-58bc-aec3-15f9982bd4db", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:67bf13a3-49a0-5d09-a308-8907403c2a15", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d07be2b9-c403-5929-a789-ae3d34c5342d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20a393c5-a0c1-55dc-9276-2e6c0a1edf9a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1d81fd01-e997-57a6-bcc7-f6508c48e9c6", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:695b263d-a879-5e23-b0b4-185115969362", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dc20fb36-78b2-585e-b604-a7ec304adc7e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61bfbe6a-3d1d-5b51-afc6-faba5aab003d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9a67949a-5648-5e05-9c46-ae0345dc8ab5", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e93ace1-0128-5338-8da2-8b6739192d2d", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3099a4d9-33ea-5a97-92ff-b5ad55801325", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40f05fac-4dc7-5d5e-9269-1c4bf824bacf", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:691b4695-b8cf-5379-a4d4-5a52e922c42e", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9ee604b7-b744-572c-88d4-fb8631680bd6", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1efee817-e868-5fe9-bbb2-9c6487bf23c1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6e3ca832-9df2-5f68-92c6-dab792bd6e01", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:63fa16a6-0541-5f46-85af-89f1f65504a1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.4" } ] }