{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:607a8d3c-527b-5026-bd66-7d32e602fda3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.7-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:494b5d4c-79bf-5c12-9c71-748185daa5e1", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ec943f7-455b-52a9-895c-3dc652fea4fb", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bc17d92-796a-5122-a5e3-d01c1172fa12", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28eabecb-d81d-545a-a890-8127872441b6", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9fc67d28-8bf6-5411-b184-efd25f7df4a4", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ce1cf88-5800-5b31-ab5d-31ff2b3b527a", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83aaa736-c4b2-5e1e-97ed-7c77915ef999", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f15e57bc-12dc-5fb1-96a7-57cc3ef48b34", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f03ff78-b59f-5663-aa8e-cfd777e4090f", "id": "CVE-2023-20860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20860 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7a83eb7-72b2-505e-8172-c9b13d1f4ead", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e7e499d-6224-5ab1-b2f8-eb87276745fd", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47693a6e-e7c9-5d14-8c54-6ce72e86b38c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13021169-9695-5a6a-9f52-314828e57903", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7947e36e-dca4-5615-b184-96d9b2f784f8", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16e242e4-7fbe-5d7a-8a82-b34475568dca", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2ecbdc4-09a7-5a8b-9b4a-d22936fd36f5", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c6b8b6d-f8a9-57e4-9f31-8e6e0b1f598d", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48524fca-d854-561c-a4d9-5b2b18a68131", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01e76fa7-65e8-57e8-b304-3b6e645efdd6", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3e9c0d5-9d94-5034-ac48-5432c32b47ef", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87c8a5c5-36e1-5a09-b883-e0b43c1dc91b", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdc5e149-24d4-5b44-bee3-37d79b03cadd", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.7-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d3958c9-4600-50c9-8393-26cfcf084e99", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d21e575-45b1-5ada-9612-7cbad412a4c7", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b29bbf5-2833-5737-95ec-c28fbdbdf541", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:633f50aa-0d09-59d3-b7f0-52d2612f124e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dce5c7ea-0f10-5f4b-b131-a00ff89a0731", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.7-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.7-tuxcare.1" } ] }