{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:43e42605-436f-55f1-acb7-33edb5d32b02", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument-tomcat", "version": "3.1.1.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:025eab2f-316c-518f-9df0-c89c9741c47c", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f1f64ae-49d3-5376-835d-9047515eb187", "id": "CVE-2013-6429", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6429 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:407cfbc7-7354-558b-a8ab-2c0d518bb45e", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4ba96ff-4ec0-5d57-bb0a-6e1cb240891e", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c723273-66ac-5bff-a2e3-39be660fa4b3", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c59ccb1-1533-51e8-841e-c578ffa3274b", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea2ef408-b306-5565-bc8a-ddee8b856d44", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2167fa15-c43d-50c4-bef3-8588a0e708ef", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc47107f-b675-5075-8bb8-9ad9b975fc78", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:347a5f7d-c04c-54bc-812c-1715737fba5c", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95e59b9f-94ad-5abf-a6f5-b33e1cacaeef", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba3f29dd-f90f-5b4d-879e-a9f938dacf34", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03bd5f4c-07e4-55c4-85ff-5bdaf09773cd", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d90e85a-430e-5a66-bcce-5e318ab384a0", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6fa39b40-c645-54d2-89c5-61f3c84bc88a", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98479c40-4a67-5686-9624-dc73b140e6bc", "id": "CVE-2018-11040", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-11040 is a false positive for org.springframework:spring-instrument-tomcat 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e994f28-a8a3-5758-8ab9-a5affe3563c2", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-instrument-tomcat 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b187955e-f35e-5755-8c81-3050439d10d4", "id": "CVE-2018-1270", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1270 is a false positive for org.springframework:spring-instrument-tomcat 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c55502a6-eb60-547e-a884-23df9fc86de3", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:055f7081-0e1e-5a13-8e00-c84e503b4901", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d704f55-c968-58f4-a273-911188883126", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb99d1df-f7f6-5637-848e-83e950a90f06", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79194002-5a43-5b55-a807-e331c1f5ce3d", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:488f57d1-9b75-5696-9b19-b59b841f3c7f", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2bc6c4ec-ecc8-53f7-b497-d9a5c5ee2341", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15b45cae-71fd-5526-a7b3-d5075a6f46c2", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3579c28d-892b-5494-b2b9-dcc9bc00b0bd", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fef849b-4156-5dca-8ea3-92021a051c30", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c42632c7-08cf-599b-9a19-940c1ec6ec75", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76ce8c45-67d1-5f2a-87d4-dc7ce81ee6b8", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21bae93b-66cb-5a07-ad81-9de671927656", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90953962-c6df-5473-ba4c-dc4509f18905", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7525084-8b09-56b2-8f06-2b12dcc28422", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d95880af-22c5-5c1e-806c-a6e3f404a45f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67c1fe34-b0bc-5823-8d10-8c088efee51d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e019892-5a54-5483-a266-8dd6e8338cd6", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a11f0cd3-7564-5cc8-aab6-3718ee41f378", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:874f78f5-2624-5ef0-b839-0fe6436835c8", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:181e5577-3a56-5089-840f-63ff07b32b0a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ff7df51-b052-5e1d-9006-5a37642f53b9", "id": "CVE-2025-41242", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41242 is a false positive for org.springframework:spring-instrument-tomcat 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c835067e-594f-5051-8876-205a6bcc138e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12b4f316-d617-5701-a488-a4fa448b33b1", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2cc469c9-90b3-5039-ac89-3211bf54c928", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }