{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:99affcad-38aa-56ee-8a24-a233f29d21fd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2", "type": "library", "group": "org.springframework.security", "name": "spring-security-crypto", "version": "5.6.10-tuxcare.2", "purl": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:36ae142f-49d9-5222-825c-9384507ded3b", "id": "CVE-2007-1651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1651 affects version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:045aa646-b4e0-5287-82a0-c6098ab69557", "id": "CVE-2007-1652", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1652 affects version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b2be079-1b8d-5918-aab9-73afd1a086d2", "id": "CVE-2020-5408", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5408 affects version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1dc2c54a-eb03-5fe0-b616-b4357927a92c", "id": "CVE-2023-34034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34034 affects version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba76eb78-e8e4-5f59-aaf9-f4884adcd9fc", "id": "CVE-2023-34042", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34042 affects version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec76722a-f2e8-5364-b497-99c4c9ee1cb3", "id": "CVE-2024-22257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22257 is fixed in version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9b6f541-b25e-53f7-8ed3-33277cd93b66", "id": "CVE-2024-38821", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38821 is fixed in version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:efeb80c7-da95-5b77-aa31-f2c229b4343d", "id": "CVE-2024-38827", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38827 is fixed in version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:066dfc3d-43cc-56c9-b748-324d52a7d6a0", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c24a016-8168-5ae1-a02b-529bbe559839", "id": "CVE-2025-41248", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41248 affects version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd93cd66-0da1-5d1c-b2b7-daded984f05d", "id": "CVE-2026-22732", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22732 is fixed in version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c051ddd6-cf49-5518-b44a-dd0bc77d2ad0", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:770b2f3d-4351-519a-bb74-52ce7e1deaac", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8d6d170-d801-5d91-a006-7a27e4c5463a", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0213108b-b7fc-535e-a164-b4b8f2540d0d", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82193072-5ba9-5a8b-8041-32bcd25cc5e3", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 5.6.10-tuxcare.2 of org.springframework.security:spring-security-crypto." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-crypto@5.6.10-tuxcare.2" } ] }