{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9678f656-1a60-59f4-8642-df2d5e6c4aa0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.1.5.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:95007eb6-bab7-543c-8135-793c50e88067", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7f701259-cb45-5ab9-ac54-d05df963ee39", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:07a95b72-56d5-5c9d-a65c-955e4c380c19", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca87c5ee-c586-53ef-930f-baabd45ff9fe", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b7a7c29e-03e7-5ec0-9cfc-3086936ad990", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a5a87cf-2bb7-5964-8dc5-6c19eafbd4e9", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74240bac-e38d-5d13-9f6a-1eff932d89f6", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9fefaea0-54bf-586d-bb7a-b47eb110e4b7", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:490556fd-2987-5d10-ad7d-085b6c1d2c8d", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:35ef7172-b9ce-5a99-8a69-fb506d0fb686", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7de1121f-64ae-54f5-bf23-88420aaca021", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02ad7c0f-a587-5ad5-9fac-63670fa594ab", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8698d00-2275-5822-83ad-e129d5caf546", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04a1a30a-a5bc-5400-9d58-fdb32cfa8d8a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c71fa2d3-be64-55db-97a4-9285d739d7dc", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6b03853f-83b6-5030-94ec-590451f5853c", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2c52d714-e5e7-51ca-920f-3f28e7fdd3ab", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-orm 5.1.5.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e781b7b-f665-5bc6-a809-3982830ef322", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb8948d8-1a9d-5b35-9857-d3c6fc48e25b", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:83642398-e33f-5775-b92f-9e7b9bd15f33", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4dc1ff34-d66c-5b96-bb92-05b1663a7b3d", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ef60a70-6446-5b36-a404-282ed54c7c93", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5353c94e-9293-5c91-aeef-bd3958246df6", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c284dc3-50f6-565c-b428-504c0fe16505", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c5d711c-fc9a-5d79-aa29-9387f6ec84b2", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b2316239-bc80-566f-9c0a-8adbfeb2fa7f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a8c229f-0b4f-5cd8-85d8-8d099b5a5283", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67abea25-9df2-56e8-b52b-89a52b4d15de", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c51ce91-e233-5039-9d92-d905718fa25e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bba629d8-25c7-5022-b6e9-57e48126c456", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:df2c1977-6f76-580c-8a69-328c0f5f6a09", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:567a902c-745f-5ea3-99f5-5d348c8d755b", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4ef9b10e-ee57-5dc3-aae3-e08ced97e104", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c5abd57-be36-5412-9a03-a51d2c499f16", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a0226e2-d01c-5a2d-9c7e-599ac051dc31", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:becfaba7-8bee-59fc-bf00-f944372a8122", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:46621cc9-cbcf-55d8-8152-55b8eb65ec37", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ec0cc21-a1d2-5bcb-bed2-e79611c62390", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a94016f1-585b-55c6-b42c-cdeda687db71", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7bfd4a1d-ea39-5c7f-9681-d0df5d985ebe", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e204dc2-b191-5c1f-a2bc-f6bae1624e7b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e10f42d5-c599-508e-a23e-8d8728ab1a6a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8b23f23c-be27-5dcc-872f-696cd5015397", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dd0ab477-43f6-5f63-b84d-6b245bf8f715", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:94c9ec5c-d786-5220-8491-2721d74a5433", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1881758f-44ba-516f-88b3-acdc8b72bf22", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.5.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.1.5.RELEASE-tuxcare.3" } ] }