{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ce2c30bf-4e5f-5fd6-b67a-57f3603b2388", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1", "type": "library", "group": "org.springframework.security", "name": "spring-security-saml2-service-provider", "version": "5.6.10-tuxcare.1", "purl": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4a682070-1679-59da-bc0a-9151fc19a224", "id": "CVE-2007-1651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1651 affects version 5.6.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f878133a-bfa0-5083-8fa5-1b49774a143a", "id": "CVE-2007-1652", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1652 affects version 5.6.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43d0e569-a503-5706-ac40-c2753a39caca", "id": "CVE-2020-5408", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5408 affects version 5.6.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93b60cbd-b653-5d3e-91b5-58f3e7fb1c75", "id": "CVE-2023-34034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34034 affects version 5.6.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46de670e-240c-5a8e-833a-c30bfc349c1a", "id": "CVE-2023-34042", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34042 affects version 5.6.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb4e50c4-ddc3-5f70-8d30-fd9699ffbc69", "id": "CVE-2024-22257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22257 is fixed in version 5.6.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a8cffe4-23ad-510e-afff-128d1df26fed", "id": "CVE-2024-38821", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38821 is fixed in version 5.6.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9964e0c8-76df-5903-a33b-a5c6dcd64e55", "id": "CVE-2024-38827", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38827 is fixed in version 5.6.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ea3497c-4161-5d7a-90cf-9faa439f577c", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 5.6.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d853e1d0-f055-588c-a0ce-aa32a8372e3c", "id": "CVE-2025-41248", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41248 affects version 5.6.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26055a93-1493-5f2c-a1d7-e4d355c0ce87", "id": "CVE-2026-22732", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22732 affects version 5.6.10-tuxcare.1 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@5.6.10-tuxcare.1" } ] }