{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0c5dc33b-0bb2-5554-8f13-19d7e18d0e7b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-webmvc-portlet", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b7410fd9-0b35-5438-9a58-4c5b0bec0c5e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e480f1a5-3e41-5d51-b6ba-db2453e591e6", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11960c5d-602c-5dce-ac85-45d3640116d9", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f19f661-d0ac-57aa-8f10-f668956dce6b", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16661cf6-dff6-534e-a3a4-ab4dd06ca23f", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb1a1f2f-7818-5ac5-880a-c910cf5b8ada", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19dcc694-50d1-58a7-abf6-997163dae202", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa481944-684e-588b-b86d-c1fa3a9731d3", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31a99f5a-c0dd-50f0-8200-3943eb843e8e", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:35c575f8-7030-5f6b-84f1-f905a3504d54", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d851b6d-09d4-563f-b6dd-00fed343e7ef", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0606aa21-7233-5ec6-b715-65765c7394b0", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cab809e3-858d-511e-8035-00f783eed329", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04490bbd-c015-56cd-b54e-df5067089f4e", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9518f062-f37b-566c-ae5f-ec8cbf6d0c6c", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f348917d-19cd-546d-93c2-73684957b5eb", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ccc450fb-9e68-5de7-8c50-652542a8456f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69d59419-8b60-5a69-b7fc-23a467677a60", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:594fd67d-e519-5a9d-a72b-2191b4d50b78", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90ea6a45-9010-5711-8093-d0d763de7683", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8fa111e-b27b-5510-aecc-112a2207b9d1", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:695b7048-5dbe-5a79-ba5f-9e2efb896284", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c81e794-f602-5057-8b67-d86212aa7018", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:427bd3aa-67e3-5b39-b1e9-d9970ffc46a6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0fcf8027-8729-5ef0-b3b2-7eea7c8449b3", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:748d16da-c45d-5dbc-8c00-fc6d232e8773", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:faeb8835-791b-59c8-aa21-f0e55e60a33a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d962ea5f-f467-5ae6-a544-956e8d219aab", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc171523-ac82-51ec-b0e7-5d7bfd9b6f61", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0408d37-d449-5fea-a9ff-a675c9068305", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb9720f9-890a-541e-8d09-cddc3a4f09a4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2325875-6ee4-5dd5-879e-2a8cd5544716", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89b5c4ce-4fed-5f9a-9e71-ebb18a59e0de", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ab2cc30-ff2f-5fb4-bb57-9a50b940460d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b13d2ce-aae9-5459-89bd-bbf7788ba324", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b00e46de-833f-5b6c-89d2-de41024a1f8d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51dc7f1e-3111-5100-863a-75b603b80d4c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d10e5ab-a5f4-572f-a97f-75e3bd89751e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62d37ff8-1996-55ae-ba12-8fd454cad57a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6344c78f-7d96-5faf-b5ee-ac53d5cf0bb9", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.2" } ] }