{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e4dd60f-38ec-5054-9668-2838fb72c5de", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-instrument-tomcat", "version": "4.1.7.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5165ac70-9dff-5ff7-bb4d-cf0fdf08f079", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7466c53d-68ec-5765-b9c9-892adccd9f63", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5d6eb242-f389-5673-87a5-8bfbd900a3e8", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9a5f6003-9e9d-5bfa-b6f0-e8c356a244ff", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:358a1b08-6e60-5d9c-939f-6038fea6431a", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:19bf29a2-4636-5b13-abf6-36b626d107ef", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7d86d952-dcc6-5d9d-af8e-eac28bba83fe", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c7816079-fa17-5433-8730-e1891ec4cfc8", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a655b7c8-0ba7-59e7-85e6-9ce5a44a4197", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b7340546-5e81-58fe-9032-35c263437277", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:596270eb-1447-57a9-8c13-f52606dabfcf", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bdab5121-0a15-56ee-aedc-8f20d6c6b644", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e6327c39-28c0-5df1-a784-e8448da364e7", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a671c929-49cd-583e-bec9-9d38cdc7675c", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d6160193-4444-56c8-bb79-617e770f076d", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8471c9c0-3866-50a6-99f5-f1af8ce0270a", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5db02978-fefa-58c9-8b04-646ebd5d6f0c", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:86c99e51-f814-5e17-b2e1-ffef8769c923", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d924185d-ebb9-5ebf-b8f4-544bf8d7eb6f", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb8264d4-08e3-5ad2-8005-2b5fb3e9d4ac", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:29454a36-ad31-5db1-882e-0e5c2c7469d9", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff9d31ae-3088-57ee-a672-549b896edc6d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:55d31fb8-1cfd-58d5-9250-5afdce5fbcb9", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7439003b-5f09-56bd-9b6e-79ecc0369f96", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:caf5b97f-dd1c-5d37-a0ca-834d8ec80458", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d06bb2ba-a258-5242-8392-8d90e5d3f300", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c37e558e-d980-59a2-981e-2198ed6fb142", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e098bbde-8d7b-57e8-b479-fb3bd753da16", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16cf1e34-7d8a-5e4d-8eba-7749bb1ac543", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d1ae91b6-3f88-54e9-893f-c1e7d8a09d7a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.1.7.RELEASE-tuxcare.4" } ] }