{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ea27ce44-e9af-50fb-a356-88fab996fd4a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "4.1.7.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c51a8f08-a62d-5ab7-a414-547df3eedbb1", "id": "CVE-2015-5211", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5211 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b71765e-e4a2-5307-9edf-b4014bb25d11", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5566c15c-a4b4-5560-b006-67177f2a1596", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3da31876-ad31-5a83-bcc1-cd072eb44048", "id": "CVE-2018-11039", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11039 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e474eba0-f963-56e1-a2cd-c71294a45e89", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03a2bd36-508d-506d-80f4-29c8fcd7afc9", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f7bddcd-8784-5728-b5cb-db579d4d4759", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a92e7a2-b6a6-5b8e-ae1f-9cbddc055643", "id": "CVE-2018-1271", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1271 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d58817e-b9bb-5b90-8ce2-587632ae555d", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c1a8248-fb91-5207-8f7b-11b1332aa5fd", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3acb919b-6ef8-5d82-aff6-30f5c86645c1", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee8f46c3-4532-57e1-bad8-8f2c9ef42934", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7cc5e921-015a-5496-9da1-003fb81c48de", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09efa06f-7b71-571e-872f-78de485c04a9", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:391d8017-538a-57ee-a8a2-cf7fdedde26b", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d85055c-8603-582f-b945-f3c814d14d9f", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57900ecb-1d9a-5f5b-b170-8dd29069250a", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cfe25c6f-13fd-5bd1-9845-e37883cbc8ec", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5d86b6b-80fa-5979-8ae1-1db7f233a7d7", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79f4b62e-8848-54bc-bfa6-6a7b9cb88670", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:266c8ecb-2253-56a7-8ace-7826e9d7498c", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7cc12284-7b1a-5dab-b7f1-f7c39f4a59f5", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:807b403e-8a8d-53dd-827e-88728030bb7e", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01397111-0a64-5feb-9e38-4fd3845e44fd", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc3d9d44-d0e2-5154-8407-217979797f31", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08e71fc5-51b3-5f9d-8760-2c93c66b119e", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46078032-6ac1-58e8-ad8d-bc84878a4ca9", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af733925-4002-50c6-a617-a5e98b75fdbc", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:664c7943-7549-57c4-9dbc-b2f9765e1ded", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6756c3e1-5de9-5c76-a29d-a8c110797dcd", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:899fb18c-80ba-513b-b4e9-ac2fd98b40b9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e5e13c2-cb7b-513b-bf3d-2b3af7295394", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:430f6220-07cf-588f-b34f-132f13f30558", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5b29c7a-af2c-553c-8998-71d01b756600", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab257faa-6202-5bf6-9eae-6174693b3863", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2bac9873-e53c-5dc5-9cf5-0629f049dabd", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11f0b461-bf25-5292-ade9-5bba6645e5fe", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6907705-6ca6-545b-8541-8a313015ba1d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b7908f7-8146-586a-93b5-e5e017ae4f94", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed696184-6dc1-5be6-9e2e-75500a1e92ee", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19c18ddc-539b-50fa-acd9-1c51f2068e72", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a82abf1e-2b33-587f-901e-8ad73a2635c8", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:197e8acd-0829-559a-a829-dca34f14682c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc364def-24ed-50f1-8235-42949a244240", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.1" } ] }