{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9a0a1d31-4ee8-530f-820a-6d42588e1162", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "3.1.1.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:afe517ce-b9e5-5789-93a6-023f6271a195", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:828f87b5-c5ee-5c92-ba54-d1219e0b5e54", "id": "CVE-2013-6429", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6429 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fedd2469-c077-59fb-babe-5c09647c9028", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:adb3a1d9-9b6c-572b-b8a9-956a95771e78", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c78c028-6b82-5078-89b8-585823872512", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3407d52b-96e5-57e9-b30d-c9293f0f6692", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f89b210b-9414-5394-8af7-02699255b79f", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b9ee5ac-0b5d-5da4-b573-42a2e3374d6e", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3eba7989-e9bc-5d91-962a-ffa41cbd89d9", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba210c72-6e3c-53e6-b240-d78fa223244f", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f093354a-7922-5ef1-aeb3-476f1c3159bc", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e689b150-c493-588b-b059-f04e90e5fe33", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9bd61037-02f4-5ffd-b435-e8d4de58f119", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec1997ed-6e27-51b9-a3f6-8b399c4dfcf6", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:87fa3c3c-db22-5568-985e-aaeddd8eab0f", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6a8d5a9-e09d-556a-8313-89df2bbee6c6", "id": "CVE-2018-11040", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-11040 is a false positive for org.springframework:spring-orm 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d47b91a-ea80-54f5-9ee2-0e52758da16e", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-orm 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:775014da-da9d-56ab-8310-18c5001bb371", "id": "CVE-2018-1270", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1270 is a false positive for org.springframework:spring-orm 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb8f8c42-e50b-5590-81d4-5bd10120de2e", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4b725e0-97c0-5d4e-b739-f9b394f35efd", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b4d05ea-a3fb-5f5e-abc5-0808a93bae3f", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee22f793-ef6e-5ad7-a11a-cd9926b545e9", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5f11cc8-c865-558f-8c54-00af54054503", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d880fbe5-2230-5ad1-ba59-067d6f59c16a", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:648c5468-2ee4-5afe-92e0-a0c2280085d5", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1f255b8-678c-5e19-a97f-7dfa7ec0f6ef", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc8bc193-3670-5e7b-8d11-f4cc90dfa77d", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27209e41-bb31-59e9-8afc-cd1999a3cb6a", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9336f4d-e990-5b46-8539-28f4a65aa5fb", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88359cab-8da9-5a8b-956b-3f957da76934", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77470b98-638b-5a8a-9765-ecdd3c8d6229", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3409baff-9c30-59ff-8a21-2faa7fe89118", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64b0d467-aadb-5571-a475-e49dbf1c6974", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cab2ba4f-a752-57db-89d4-70c8ceaeda9f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95f80c22-e610-524a-bd0b-45cede072380", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0ce3fc06-f0d9-5553-8dd6-8f548abc74ab", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae7ed418-96dc-5f2c-8782-ef252a7aa4f1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a391a684-9c3c-5406-b125-6d23780232ba", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1675cb3e-573e-56ad-9f5d-300865887465", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b400554-5de7-5572-9ea5-a7675bb5df7a", "id": "CVE-2025-41242", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41242 is a false positive for org.springframework:spring-orm 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7ffe9b5-2bfe-51e8-92d9-069aec2e9e9a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ece3264-0566-5356-bdf1-bd0320e2bc0e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:697b1f58-031b-55bc-bf78-17f6c9fa50f7", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@3.1.1.RELEASE-tuxcare.2" } ] }