{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b696ae05-1104-5392-b801-0556aae60ddb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.1.20.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a1a4c738-c80b-5e51-b85b-1765f4c24400", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b3695c1-5239-560a-9e1d-fe19fcb4e0f4", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d87c8d87-4c5c-5770-b47d-d6d54862af73", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:990bfcd1-2b57-5db1-9a14-8143cae73013", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52deb5b2-a470-55cb-a697-5191bd5161f6", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6331cc82-9c81-5373-b292-174607548e2d", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37784132-25d5-583c-b400-219de32d5e5e", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16454e0d-83ab-5dc7-bf4e-a90a49306d8d", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c3e4f14-b858-5b08-ae33-eef059f5bfa5", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39378901-6e79-5dac-8b8d-f40ff3c57a64", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e297be99-0cad-5bd5-a733-38fd9fafaef3", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18410762-60fe-5021-8222-0fa39133437a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6b854ec-654f-5dc4-95fc-4df74c6b7fd5", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:182293db-201d-5e70-949f-0908997e5819", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:093d9778-6439-51e4-8e9a-11bf11e8e759", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2e44e1d6-c1ce-5bad-94f8-7eba0f6d47fd", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-orm 5.1.20.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06bcfc6c-5598-5241-856d-ed17a3fc1045", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:420b3f11-9279-5633-8e14-c9b78a1b43ef", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31f4f9dd-e18f-53e4-bd23-3e83e2ae120e", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d9d92f49-aacc-5442-ab4b-0778552d1e38", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96185714-5ee6-5d48-bb68-1f1485417f98", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f2bebb3-ed69-5b25-b20f-74e94d46bf13", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bce24923-11a8-518d-a236-f3d3405a7cf1", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd6ab52e-080d-5006-b7a6-43b8dfe4b6cb", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:579ad533-b1b4-5c94-a9ec-95197f51e84e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.20.RELEASE-tuxcare.1" } ] }