{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1f8d11f1-96ba-55aa-b443-bc417ae40618", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-instrument-tomcat", "version": "4.2.9.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1ca5ad03-cbb1-5dff-a1b3-212539fb44a3", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dfd76681-be9f-5b9e-8270-03f8c1e4f22c", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c11ead7-15a7-53c1-8345-4822ea0f077d", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:25d28f4c-741a-5fb0-b6d7-d8d8bc9fd909", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b630deb9-5c5b-596f-aabb-2b5dda719cdd", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dad14043-ef92-5d63-bf9c-d7a910a829e3", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0cbefe13-9052-5cab-90fe-5609eb3718f3", "id": "CVE-2018-1275", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1275 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b9df8e7-f0c2-55d3-a29c-7ef6a18c80fb", "id": "CVE-2018-15756", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-15756 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:10d3ddaa-98bd-5621-bea3-e4e4ce91dafd", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83d98dd4-6b6a-59d1-be78-dcc539729e69", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e99986d3-2567-5ddd-8a07-ecc2059c50a0", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:700c6fde-0a15-5289-afd8-16204bf5892c", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97240b62-3ca7-51bb-aa22-d7ae13535873", "id": "CVE-2022-22965", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22965 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7944fec8-ea19-5168-9c3d-06a36e4e3005", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56d06ecd-06bd-5fad-8034-6deb060e3dec", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:55de86a4-4cbc-53f5-b991-0e4936fd2046", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdf477e1-0ca6-59bb-82e9-838284d3733f", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96481c0c-7fbb-5bef-acff-ce2034635186", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b6b427b-acea-5ace-8673-ae6314cd3674", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c3a772c-1671-551e-96f7-e9a39562690f", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e650bef5-e1ff-5010-b65e-3d4597b36d32", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f21d76f-e307-5835-8c60-fff727775827", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a944f9c7-95fd-5c7b-ab52-6b6c05e5497d", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a5d4462-3b68-5139-b915-e6832e053cb1", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b13ded3-7e5b-57a6-8d5d-227c41f30c11", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57348c3c-3ceb-5763-aca3-4a5e17338962", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78bc5b44-f290-59ab-ac85-3168d739984f", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a525c3a-638b-540a-8a27-e58314a9d5bb", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.2.9.RELEASE-tuxcare.1" } ] }