{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:24d05fa5-1f08-57a4-99a0-ef3e2b653d24", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "4.0.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:11f6cf67-1635-5b65-bb74-4e683f5f046a", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:14fa9536-ac33-519e-b830-5a0c101de7f9", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7b4bcbb-bc43-59e1-ac7e-8ea8e1ffaede", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:444d9ddc-30ad-5c10-8435-a9d74e3da78b", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:27a2a078-7a46-5fb2-8a5c-1152bd20fe78", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79d4125e-2576-5a04-afc8-67efc2d462d6", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:88e66cd8-3c8b-53ea-91ae-0670df9f37b7", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5a29a95d-da94-5870-a6e1-9eade6492625", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d31dcbf8-8b91-5b72-b30e-926f6a62678a", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7b10ba25-901b-53de-a38e-7a85419b533e", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08be5fb5-a326-5127-b266-b55656cd2923", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ee68452-fa6a-5965-b89b-3d57e86820d8", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12a2e8c0-cc09-53e9-9390-86ff52dc89d4", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-orm 4.0.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4bd4a071-b995-561f-87f3-e4f8058f5c0b", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d71cbad1-dc74-5061-8e8e-926e6ec012cb", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:27d4a57a-4356-5f86-8aed-e7f8b310c399", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1eae9634-c4be-5c31-8a6f-043f46d0f43c", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5202e7d7-a87f-55aa-9ebe-d5403fb241db", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f2f45068-88a7-50ba-995d-1e488839fc63", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0adcdfab-1129-5fd3-862a-9069723e502b", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1bb17a5c-c190-56e1-8722-7b1bca1241d4", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d67567a-6b4e-5ca2-b784-855992ab1b78", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38f808bf-4b74-5b32-995a-b74647b276d0", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e8a5ad23-fa27-562d-be0d-04d5c873afa6", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8000ac1a-180f-5b0c-b3be-347decb2150c", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e183957-bf2f-5ac1-b997-76058683712f", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:832e2e68-4758-5eb0-8868-877ffb3614fd", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bba21337-12f9-5209-a4a7-eaabded8dbd9", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a00707e-7252-5806-b2ed-95cb10396175", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:71d63975-1055-5199-a37f-710cd8814208", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7dfb6638-26e0-5691-8c7c-b29730424460", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a892b31e-090f-5589-822b-13e752c9f27d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ee3e8a2c-3fba-57f3-8776-6d6102556316", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f08ec751-26bb-54cd-8ebe-59f26538243f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e54140bb-24d2-5f32-85d5-1f1f57a312e9", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9eb6c45f-c065-5f01-98cb-e670b633500a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4dca8bc-a75b-5b48-91f7-0763bf9c70e1", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:177412c1-d35d-5c6c-a7e5-c05a6f69ecbf", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c450f26f-d72c-5800-9c69-eb58537f0168", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:21d709f9-c419-5601-bc68-88a0c1e2c479", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3cfe1626-0944-5b06-9f32-0ad0211f9cc6", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.3" } ] }