{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0690e1c0-2256-550d-b590-c07db3ade6e9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3", "type": "library", "group": "org.springframework.security", "name": "spring-security-core", "version": "5.6.10-tuxcare.3", "purl": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a7baaf23-9102-5fc6-b95e-2db6da6c8cdb", "id": "CVE-2007-1651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1651 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a0df68c-3608-5385-b0e0-93792b431123", "id": "CVE-2007-1652", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1652 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a21b527-24ba-516f-8e72-049c97462d2b", "id": "CVE-2020-5408", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5408 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7910e755-79f0-5e19-9f4d-41492f64cd50", "id": "CVE-2023-34034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34034 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a55562d-001e-56f5-a388-9834a3649216", "id": "CVE-2023-34042", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34042 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e564c55f-04be-53ae-9e75-18f1d80e2a90", "id": "CVE-2024-22257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22257 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bcf14c14-af77-5baa-b758-241b7d10b05d", "id": "CVE-2024-38821", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38821 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fafa0593-9b2a-5368-8451-a38f9916b941", "id": "CVE-2024-38827", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38827 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:66c257f2-05f3-5ca6-94e4-e24aef83cc2a", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:094b91c2-beb0-50f4-bbe4-f586b37ef75c", "id": "CVE-2025-41248", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41248 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7fe2ee4-c04c-5502-8512-13a70493bb00", "id": "CVE-2026-22732", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22732 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6c5a0cb2-9fa1-5eae-a014-0a03f39fd71a", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd8d04b0-1b58-50b1-af8c-b0a2e131f4aa", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4afbae26-025c-59a2-84bf-923339e22082", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae8de0e0-b5fc-5d13-b503-a35e46de06cd", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cfcc83de-4058-5d55-a9e6-f87291109059", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-core@5.6.10-tuxcare.3" } ] }