{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a24548f4-76a2-5591-add3-acbe000bc0fa", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.39-tuxcare.11", "purl": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a9215b44-81ad-5351-be4e-f04b4d33c303", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:de32faff-bd3d-5b8a-acd9-02f68155d8b3", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.11 of org.springframework:spring-jms. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:d239b1be-596a-516e-8708-62fe41e119d9", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:2a8208b3-38e1-592c-a903-334108667974", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:f50192e1-1c97-581f-a4e6-e07428de689c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:cdfa7d46-7810-563a-877f-5cee58698bc4", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:da859647-81e8-58c5-a4ad-22c7dfb4df0c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:82991c91-e5c2-59a7-83f6-551602ac92cf", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.39-tuxcare.11." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:9ef52dbf-fd69-54ad-bdc3-4a41c9eae19b", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:30115003-15ee-5f00-bbad-fb098748c5dc", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:8dfcf4b5-08a1-5b6f-b214-be442a1a6a86", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:60b563ea-0e8c-564a-9172-71a2b7ffc7e6", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:a3973a83-0339-5d90-bfda-be382fef8183", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:28910df7-853f-5769-9736-c7d440dcaf94", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:9e3cb342-f458-5e34-a53c-a25376f035af", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:ceba83c4-1210-5933-9266-b0a32c412282", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }