{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8a562e11-d921-564b-b16c-f37da28b7d93", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1", "type": "library", "group": "org.springframework.security", "name": "spring-security-saml2-service-provider", "version": "6.4.3-tuxcare.1", "purl": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3e2fa640-3978-5e6c-be69-c5633c591c6e", "id": "CVE-2025-22223", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22223 is fixed in version 6.4.3-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ed711e8-00c4-54cc-be88-e43ecd0d7eb0", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 6.4.3-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88246547-2bca-541f-92f5-c740fdc54299", "id": "CVE-2025-41232", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41232 affects version 6.4.3-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7087aa5-b1c9-5544-a33f-fc5a3ae795c5", "id": "CVE-2025-41248", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41248 is fixed in version 6.4.3-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4682b8f3-8c45-5fc6-bd70-e09b55ea5841", "id": "CVE-2026-22732", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22732 is fixed in version 6.4.3-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d8756aa-ec18-51ca-9ac5-5ef76fa64d1a", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 6.4.3-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dad89311-a880-5082-9d5f-75e3e4b29758", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 6.4.3-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ece00624-0ea7-5969-b8e6-fe3859adc462", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 6.4.3-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8986d96b-ca13-54f4-b59d-29ed524e838b", "id": "CVE-2026-22751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22751 affects version 6.4.3-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c816eadf-046d-5d93-8f9f-20c1ecd81b5f", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 6.4.3-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9341c52e-55fd-5fe0-ba5a-e9abeddcca53", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 6.4.3-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.4.3-tuxcare.1" } ] }