{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:51e0358e-9c81-5bfc-8746-cd88c06de227", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-webmvc-portlet", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7ed9649d-a7d4-5d09-a98d-427a6cc76c71", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b7632347-dc80-550b-a06f-6565530d805f", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce6805f0-0727-5475-b7b1-dcf518d0cfc1", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7e6a70af-fdec-5da7-b060-ae4b5c31ebbe", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dccf66d0-07ed-5dd1-a3c0-3f254a7c7755", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e39d07a5-fc59-5009-8bde-fa52a168cd52", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79c3bc65-7901-5e22-a8b0-82717070ca9c", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf44003a-98a1-594c-a86a-e0cb49a19cc6", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:50446307-17bf-520c-984c-d3037c640943", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:901da1e2-bc0f-5745-a0bb-fc3689072ed1", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:48baacad-a668-5d17-b0f0-25270f162c66", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2474a58d-9f70-5887-80ab-c51b661ecd3d", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5115d1ff-96ca-53c0-bd42-be459b83fe8d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:812c0178-452b-55c4-b9f4-969e9ceda36f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dc107b84-0987-53eb-9833-0ef4a78ddf09", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38fe8512-70a0-517f-ad2f-0485bf8da71e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:304456e6-fd82-5b47-8127-b8282b0751c0", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3a8c570-85f2-57ad-b421-aad46aa8d968", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40503600-285b-5a88-a9ac-e2c24e6d96f2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:19e22893-372d-5e58-afc1-ebfa644d8dfb", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:127eab20-d590-588c-bcd4-1faf81fdbc43", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3763e131-7f25-5228-976d-0ad6bf9e0085", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e95e731b-49e0-50e6-b50c-1c335777d0e2", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7fd19eb6-756c-51a5-858c-25a52bac88a0", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9438dca6-6f82-5c84-801d-bccd3b8fe3b1", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31a3e8e5-db3c-5125-917f-94dceaa3311a", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@4.3.30.RELEASE-tuxcare.3" } ] }