{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9c2580d8-aaba-50c7-a4c0-e630bc063d41", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-instrument-tomcat", "version": "4.0.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:977da42b-11fe-5f6b-b209-f07bbc12008a", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2808b64-6062-57d5-b694-2b012fe080c6", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5782f8e1-5502-5466-a979-fe8191dacbce", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4bc6920-410f-5bc4-95f2-d21a67c211c3", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f98f52c7-70a8-56ac-aa4f-9b12ba5dea57", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5d01972-7034-57cd-a3e3-b95ae9fd1a00", "id": "CVE-2015-3192", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-3192 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12652c2f-1f24-55b9-82d6-cfe52b66c92b", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e98ea6b-ef50-5d0f-b72a-93f35220ac65", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f921a63-94d2-53d9-a94a-658b64b9d07c", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:479467db-7769-597c-b613-45700b9d8f99", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc068fe6-fe3a-57ac-bf05-b61ab527e97c", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:557ef1cb-f134-5d8a-8458-3e87a44ff4de", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:30ce9b62-e58e-5094-9a27-45305ed91d86", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-instrument-tomcat 4.0.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f52f77a2-c739-5188-9814-720bf102205b", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68b0a2d2-f5e2-5565-bad5-fe15c4699542", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7e5bf9c-c320-59da-b9c9-e658aa1ec2f3", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:579613a4-a8a6-508c-b590-f06e1b74aba9", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef90ff13-ee4c-5287-87c0-15cd91800ea0", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ed34cb5-f8bf-5f32-b5eb-11b5e597da75", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5bc6ec2-3107-5536-9ff7-6fae93f9de2d", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9744349b-d98d-5393-a6ce-7e32ff8bac0c", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e611f48-50ad-5c9e-9c87-ca39e84da7c8", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:321a896d-5136-5a2a-968b-2db796932bbf", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18b299a5-bbd7-5853-b966-61795c85cefc", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87efd823-063a-55f7-9a3a-2ce140aed728", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1da6f53d-b6fa-56b5-99fd-2e616c97b252", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:246e767e-3c50-59f2-847c-9c76a873f64d", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7b5252a-806a-5127-bc4d-690592dd8283", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ae84551-65f8-5671-8f78-8b53b33d19a5", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da92d81d-8180-5788-af97-040227b1272c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b727407-1658-5394-a00b-1ee3075bd0d2", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0dfeaa8-daf4-51a3-9dfd-621091a40996", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ebce899-2b33-5c13-8f50-28ec1529e347", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb35866a-ae58-5be3-8f4d-b846a424fe99", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:acfe3adb-9a30-5b28-add2-a67606d94453", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0131a76-cd08-5714-a246-1f8733760875", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc542a6e-fae0-5ddb-9f43-7287de28fa46", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b296341d-97ce-59cb-a545-4c8f66cb0523", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:feeffdde-ca7a-5898-b32a-117d5949fd34", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b01b6a6d-6f82-520d-8243-a6f929b9d5e9", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.1" } ] }