{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e70cc6f2-8620-5166-b4af-9164d63199ad", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "4.2.9.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0efb7d7d-bdee-55aa-87a9-33b0da55830c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16fb2468-3db1-508c-8a20-bbd133a3f466", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b97a188e-0ab3-5b80-a581-bef59ead05ae", "id": "CVE-2018-1257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1257 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2cb1caac-fea6-5465-b08d-cecf82402265", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9431ebe0-0a79-51de-9f6d-8371c0fd267e", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ce693a5-67f8-547c-b28a-9a5784a794d7", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4249c24a-d2f7-564b-ab28-078ad91f77a5", "id": "CVE-2018-1275", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1275 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b290479-2d32-5d26-a115-490a193fefc7", "id": "CVE-2018-15756", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-15756 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c2e35bd-7ecb-5b01-8c70-6ac96a3826af", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28b8e00b-6684-5238-b43f-f3d7c90feebd", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e38678e3-5622-5b95-890a-1845a048eac1", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a49ce5c-f6ba-5deb-88e2-5b951632116f", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1ad9fd6-adfa-5db7-b05c-02e54b445382", "id": "CVE-2022-22965", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22965 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cd504abb-ea69-5644-b74c-a05cc3b08bab", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00187c13-feec-50da-91eb-95f894d853e2", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20e8be27-3089-58ec-8c79-750656f5e2de", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb13d2cd-6cc2-5d1c-89e0-751b3a10c8b6", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfd4ea1b-88ab-5d2f-9cfd-55477dbfe853", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ee89813-7cbf-5c9b-bbc9-f9639bf4d650", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b2c0912-bbcf-540d-ac69-4e75fb4d3bd7", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4fa378b-ecb6-504f-8826-cc6e0a60c41d", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:494f9978-7d00-5da2-9543-b6cefb703ad1", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:289679b4-df1d-5815-8dee-f9e69a0b1b85", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a55ea1b1-445f-5c31-8616-6133fa2189f0", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:805c4d2a-5dda-50f3-a8b6-98418452f3c0", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67bfa63b-e112-5bda-8355-ad149b09aa98", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:96516a47-f532-565c-9758-a1688425a08c", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5936d2b2-adce-513d-8144-033c0f7499db", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.2.9.RELEASE-tuxcare.2" } ] }