{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:db885172-b45c-58aa-b61c-619b3eb242a0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument-tomcat", "version": "4.0.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:16f57e0c-a8bc-5e2e-b5e0-9e71efd28f6b", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e87e270-3d3c-5f83-9e33-c00345167e23", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ca004d2-61b2-526c-b222-e28528d90b3e", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ebc649dc-0597-5c1a-8c1a-ddaa488969cb", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb3ca369-a18e-5481-a6ba-45428cf59673", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b45053f-604d-5d12-af8f-2924be3f1a86", "id": "CVE-2015-3192", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-3192 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f660734e-2f17-5c8b-9783-274bab1b0b23", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff67498e-5995-5f4e-a8e8-4384148122ef", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa0317d0-0a5c-52e8-8e92-d6e5ba8e408d", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec37935e-99bd-55d8-a0d3-1d1a9a51ca25", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37c6167d-1324-5ebd-86cc-8a2741c18a0c", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a5c660f-d7c7-570d-9246-37991cccfffb", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d7ad9a4-30e7-5e7e-9b49-bd8910f0e691", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-instrument-tomcat 4.0.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6e8aae0-0783-5454-917b-95953755b35a", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:719664f6-b190-5355-8381-195b1dee21a1", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49b1a29c-c2f6-50f5-b23f-b8f3cd166ae3", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f12b833f-007f-52e7-94a9-5a0778bfbcd8", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f7cc185-d40c-5e7b-a338-96b0efbde29b", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2bc8bca7-f5c2-5f3a-be20-f4b181254171", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1a4667d-a487-532c-925c-1bd9b93cc510", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03682270-18a6-5c32-bf00-1caa3503bedd", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe5be0eb-590a-582f-a0ac-d52cbbb3deef", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0284f01a-b7d2-54ac-ac60-18a30ef51c7a", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01c0eb8f-809b-5746-abac-1835e0ae4efd", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4783c463-5dd1-56fe-93b9-b4e4359c4fac", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b322860-ec4d-5f61-84a4-eb528043fc04", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f461a22-9c75-54a9-abca-50df91553688", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:870591ac-49c0-50ac-8c00-e674355ca7e1", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e7a1b46-fd6b-5231-a322-3abc95515320", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:74db900b-3941-5fe7-9fda-415a6a10d650", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93f664b1-f073-502d-8fec-377f920d3a32", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e3e55ed-2e81-54db-96e5-a3e47141c703", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ce5f2a7-95e3-510a-8555-9221a01c7b2c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b14e652-d1fc-5880-b863-3ed802a0cca3", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b533140e-7a26-524f-b430-a978c97fc24c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b75caf5-516a-5363-b663-8a0db9c491ee", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:008325f8-aefe-5b2b-9734-e1b15cbe74a2", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0babb6f2-cf93-5742-a7da-af77752f964d", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb320c87-26cb-5780-8548-5e09c64dec7e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf46d7cc-65ff-5592-9e4f-fc9219043208", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@4.0.0.RELEASE-tuxcare.2" } ] }