{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:50852a02-011e-5ba5-ab1e-af404d52ae80", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.3", "type": "library", "group": "org.springframework.security", "name": "spring-security-saml2-service-provider", "version": "6.3.10-tuxcare.3", "purl": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:49e34304-e1c3-5d1c-a29c-e4d49ec89ff6", "id": "CVE-2026-22732", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22732 is fixed in version 6.3.10-tuxcare.3 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b8477eaa-8978-5392-b1be-0e4aa259ab59", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 6.3.10-tuxcare.3 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0f16cfb9-f035-5be4-8d80-f3efef27f255", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 6.3.10-tuxcare.3 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:73acf60d-d88e-5e3f-a7e5-a8781714bfb0", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 6.3.10-tuxcare.3 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f2a36824-9a89-53be-9d09-c6202587fe6e", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 6.3.10-tuxcare.3 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e037f7f5-0ef9-5e0e-94ca-62fd70d20fe5", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 6.3.10-tuxcare.3 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.3" } ] }