{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c52d2c9e-939e-56b0-ad38-8884df7a6f01", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.39-tuxcare.10", "purl": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1b28a9dc-f41a-513d-94a6-e8bf20112a17", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:39c8c81b-6a0c-5817-b94f-452c24d4e86a", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.10 of org.springframework:spring-orm. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:6414a4bf-13db-523e-8787-5ac129868c03", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:e80314ec-d24e-5e3e-af09-505d132795f8", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:90128236-b3bb-5534-93b1-d35cf2a92fe0", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:f00ddabe-29bd-5ae3-b0b0-99e18fa2fb9e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:6bf46d1a-7975-54b1-bd9a-5e70a2a23de3", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:2d5b2227-658a-5e7a-9ddf-3c1371054ed9", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-orm 5.3.39-tuxcare.10." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:727ad444-ef14-5fcd-8572-3bfd3e07df77", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d1f172d7-eace-52df-9935-2f14bd2c3bab", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:3b471b68-6dba-53a0-aaf3-74ec92fc27bc", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:9ad7b4af-9569-5689-ad0a-a378ae120598", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:058dd50a-bef4-52d5-84a2-98f32fb0deb1", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:9ee40fe3-f24c-51f9-8d9e-09ebdcbf5eaf", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:83ac39ae-1a67-5176-8d52-648bc07e1eb3", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:1aa61ec4-43f6-5000-90dd-88db54a44cb1", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39-tuxcare.10 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.39-tuxcare.10" } ] }