{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ae1e3a80-0992-5c72-bffe-20970c5a3e86", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.1", "type": "library", "group": "org.springframework.security", "name": "spring-security-saml2-service-provider", "version": "6.3.10-tuxcare.1", "purl": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:48f1530c-1fe4-52cd-a61f-a1e7ba11a180", "id": "CVE-2026-22732", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22732 is fixed in version 6.3.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0724f68a-2b06-5ea2-aabd-2fcaffe06949", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 6.3.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4002c2e4-a076-509c-862a-6df101884cdb", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 6.3.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f23a2e5b-d785-55a0-92c8-7a88a55992f5", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 6.3.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8c171c4-6f34-5b83-ad11-8ad4c6dca60f", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 6.3.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d9cbfb5-4a56-54c7-9bce-478c1bb1da58", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 6.3.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.1" } ] }