{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b38b8f26-e747-5f6d-b6e7-e285eeb727a5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:88bf15f7-6abc-5318-80a7-9295496a2701", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a935fa6e-3418-55cb-872d-d7763f884221", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:66369d8c-4c44-5d7b-8a6f-69d5178ec826", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:691b33d6-f019-56a7-bf8f-c09d317a3395", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1bd0b936-732a-579e-b093-37a43bc9af3c", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e323619-50c4-5d1b-beaf-8ce2446286e0", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d48821b1-b376-5ed2-8ce6-410f135c7eaf", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:031ab206-a13c-53db-9b61-567dc319ea70", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3bf205ac-f0f2-59b9-8c3c-08f5ddf5b720", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:400c6528-cbc1-5715-ad4b-290f61aa7c1a", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2034a967-c25e-56f3-a226-e4e94513b5c5", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15c3bd76-9cd6-5b5b-bc31-1b3a91359303", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:971dff9b-15ab-5844-8806-e40f00d919c0", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1954a786-273b-55fb-b560-a474f794df04", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:93328c78-45a7-58ec-bc39-6eef488eee89", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85db7ea5-b3b3-5b60-b977-a24bd4d8859f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3991344e-c0a0-5267-acd7-29de540cd88f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb8ca7f8-14af-5737-a45a-1b63d904cade", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9627bd25-45cd-5dff-9fd4-f4a1d0ae0019", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86357934-ebb6-567d-983e-d286249ae4c5", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f380ed48-28dd-5fb6-946f-d1091c7c53e1", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b09e7cd4-9514-5ac0-b281-d7263c6412ac", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:080def41-6def-59c5-a8ce-4043844e3a15", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15661bdc-0007-5153-9f08-bf27d56b95f2", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ad43e21-7b31-59fe-8fa0-e25eaeb2e45b", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:41095ead-2953-5666-bdb5-825e2af80df5", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@4.3.30.RELEASE-tuxcare.3" } ] }