{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:886eb2de-c255-5aa3-8556-ef39cd0629ce", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-webmvc-portlet", "version": "4.1.7.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:73f085d9-3e04-5282-8152-ed9f3ee43ed6", "id": "CVE-2015-5211", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5211 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d5aee0b9-1a86-594b-90ef-78ab43d863f3", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:011e18e4-0daf-5215-9c5a-8aa19c47564c", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c89de42a-c355-5ac7-a488-d1c980fc1061", "id": "CVE-2018-11039", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11039 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb838468-a481-5f9e-a47b-5d7ed3057d0c", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:efbca1db-896e-55dc-9905-f84c2550d041", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6788590c-0adf-579b-81b0-004f3507025c", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87b66c94-687a-515f-8ee5-2de70db62a80", "id": "CVE-2018-1271", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1271 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c7ccc45-0076-5838-9049-889e3d5849e9", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbf7fa88-0861-5a28-8496-2c7c4588fb30", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fcf2a929-1f74-5200-84e7-9a7dd5ea7f69", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f7e15bb-efbb-54c6-a25e-324a23d59bca", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:898045b3-8fe4-5153-a337-a20c753b75b3", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea45337d-fc40-59a6-913f-3126c9e9e117", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a13c578c-816c-57bb-a33b-50c7c3c589c9", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:341fb918-1e10-51d1-917d-d2c8693b9f69", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf651b08-1bce-524a-ab0c-3b44edfeaa19", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6bf3df3b-4d59-5333-9f73-4ba07a62f6d7", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4f3ded5-b3ce-569e-9d82-e3db275cfc6c", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9f6f185-ecda-5437-ac7a-6383d498a9bb", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2f696ab-5c90-5413-aa0e-0536881f4e23", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f41d58c0-e06f-5482-a11b-19133a79450f", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:581fad5a-2310-502e-b38f-daeba2400d5f", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b669344-6bcf-5ece-8fa9-18867a7471d9", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ddb490e7-ec34-50a1-9a5c-6b978c93dfc6", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84e85565-0344-50a3-9d7f-7ae2b8c5910c", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e5eccf5-9336-51a4-8616-5adc76afea5a", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ab6a770-9f09-524b-8577-921d30eb8c6b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dad38af9-feed-5931-b553-e4a396a079fc", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f870ae9-6c07-58e8-9ee6-74329ac729cd", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f400415c-d068-5c05-b25f-4e232b9f8ee6", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2abe158b-e8e2-553c-a08b-1ac1d6a494b6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:465b22f4-65a9-508d-a1b6-3a68625e8669", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fde157ac-b1fc-5a91-898f-1f2682fdd670", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b459df7-fbb1-5516-87ac-b1c04c96323c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c0e0afca-c492-52a7-897c-dfe788389f90", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4b703b2-6915-59a9-bb8e-8bd5b6c0c5dd", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c847ba9b-3356-501c-8a48-f6ddcb94fbe9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11106496-f82a-558b-aa3c-8ad4fc19bb8a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aadc4e02-bea8-5093-b783-c2bea5cb6fd6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b0db2e7-b395-589c-b4e6-017113410141", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a5a351f-aafb-5825-bc3c-97d9aacfc9ea", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:272af4da-318a-50d1-8640-9354aa6e4073", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef351b95-6414-576a-856b-5fa6bfbaf085", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.1" } ] }