{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:47d780ef-e50b-58f2-85ac-6b1ea9a62e73", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "4.0.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:37c82355-c682-5e57-ab4d-adf43d356dfa", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4425700-fe61-5f3b-b8c2-2c8e48f34d77", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82dbc14f-738f-5d16-904a-92413c56de11", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78f2c4fe-4d7e-55c0-be69-876bc5136d75", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93eb7c89-3e17-5167-8208-ff96b3e536cd", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e48c6ede-d3c5-5a93-acb7-5358886ff564", "id": "CVE-2015-3192", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-3192 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82d2ccbf-5b11-5232-83cb-8e1b35d8a012", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d99d01e9-9607-5e57-addd-802fc94b1a9c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:011c686c-a3e1-5223-a45f-a4b132071826", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f63cb64d-6b01-5f92-98b9-73db2e3fd856", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33f73ac7-8710-5869-bce6-344833afea0f", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1639ac9-078c-5d5a-a5e4-48fcfc15b99e", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33a4abcc-c375-5877-90a9-9f79c62b81a4", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-orm 4.0.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:853ee922-64ae-5123-9c2d-77d9a9e7e111", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9e5852f-de35-54e3-86e8-af5ef19951a4", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a40b564-4e63-532e-bd18-7c0ff221903f", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1dc2830d-953d-523d-93b5-557b13162fb2", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ddb9689-b7b2-5e06-9dd1-dd2df558ebee", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50da4a27-2213-5177-b17b-4e47d8057e34", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6e149ad-6c0c-5ff1-bd86-b1eaf5829896", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c193ae1-874c-5f16-b3f8-1b47cac9ec9a", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb00faaa-f389-5470-bf1a-8daf7aa6a8c8", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6962e4a-a38e-51ca-8c88-285b80f32e9a", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:482822c3-d39a-5ae1-aab9-132a62305952", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2647ccb6-556b-5db8-9798-aec66f3510d9", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4c3c048-8309-557f-978b-88e6a2bb6447", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1e633dc-df23-5090-aa0b-539ef07c2c8b", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd06c940-76cb-549b-a47a-5a3370aa8deb", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50322c84-64b5-55dd-a1c0-d90cf9162134", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f6b58b6-3bd9-5834-8971-78ebda87df38", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:872f5572-329e-55d2-ba88-5c1d5b400876", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:689e95cb-28e3-5717-8695-32f4a912adff", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93e59351-b9aa-593c-8e2a-7e8ac33bd9fb", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3ad201b-37cb-5126-810f-ba3102c33685", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2bcc6bb4-bb9e-540e-8bdc-548563362260", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4a62076-2b5d-5b56-a11c-79b308fabeec", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a33d183-3528-517e-a095-5f373cf29cf6", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f40b2af8-e47e-5286-a92e-721d54ae2019", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16dd9e52-5e7f-52e8-a663-fe17edc5f21c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af5fd60c-c17a-5d50-82b9-9656a0c451d0", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.1" } ] }