{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:026d0ef5-165c-579f-882e-9a0033b55d8f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-webmvc-portlet", "version": "4.1.7.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0a4fa00f-6d75-5334-b778-9061c8d50eab", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:10fa84c1-b649-5dc0-8b49-3f5d5bed8f78", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6e57b58f-13b5-5632-87c6-78717c6f8d6a", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:739d6127-50a2-5613-80a3-da21e889d362", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:84a020a8-f74e-52ca-94d9-78e0556b4218", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b128101d-68ed-5e57-8eca-c0abf0420277", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4ffca8d0-5fea-52ee-a594-45385f57081d", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28c457bd-6267-5c39-8205-0b52e116d590", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9f0a374-e0b6-5aa1-a01b-051e89e9d9c0", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5dcddfdd-d47e-53a0-8575-213e8278f32a", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7b51056-981b-5deb-8bea-d1cfd44eb343", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc6fc201-ac8b-5e02-8d1c-ba9c01606de2", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c93aad47-fb46-5621-84f5-45c16094d625", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8d9fe9b-304d-51c9-9265-22a40cc1eb34", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3723d075-147c-52dd-8d3c-6462323bdd6e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a785e5c-5bd1-51cd-b5cb-c20ded79a096", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b18ddb8d-f9df-584c-8026-e8ce7fd7fafc", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:68630898-d938-52e0-8be7-76eca46a4aba", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:96e3b0e8-bbc9-570d-a7a0-6a5a8d2d48a6", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a6b8918-78e2-57f4-824c-6d394eb33262", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a74aed3-125e-5687-82da-74ca03d9bcc4", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6b81f634-9a09-5505-ba65-ece2cb25a012", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c71b88d2-226c-5717-9a5a-56b92b6f16f2", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e85f5683-ea0e-58a8-ac89-24d0adc4c5f9", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f7d8236-0181-52d7-ab49-b73dd8f6b336", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d733634e-7385-5cf9-a9e0-a950bf3667d6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bbf2bc87-92fd-53ff-9105-e06aafcd79c1", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:37886de8-9403-5fcf-ae0d-9d1f1726015b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43741f81-b9d3-5911-8e8f-8bf42a706e75", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b878e63b-0d6d-5ab1-86f5-83603566c7ff", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9928dadf-92e7-5a84-8692-22b517603687", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a091b0b1-2165-5465-83a3-deed98ee1552", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c257a3d2-ad47-5ad2-8f6e-361e1f11b028", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ae9b0c6-d40e-5858-a986-af5c5e332018", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4649cda6-d0a2-5a0e-b015-4346fe8aeec8", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b977608-6456-5167-8a67-ed5b8eae4e47", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea637227-1fdf-5278-a405-080b91fd3e11", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f2a5f79-210f-50a0-8a9d-bf254d3cef8f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c14fd2c-10e9-5bb9-9084-2d72fca01dda", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0d315a56-e4ff-5845-95e3-f3fc0fceef08", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0075fb2c-a967-592e-b47a-e5c2b82207bd", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:171e5d5b-db0a-50ac-a442-ea92071cec14", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:36c022bf-703c-5086-82d4-6edc1bf29021", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7f11f3ad-aad8-58c4-96c6-8e20b23fb913", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.1.7.RELEASE-tuxcare.3" } ] }