{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a40342c2-4949-5f57-9e16-d9db6f0deb54", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "4.0.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ea7578eb-7af6-52fd-bc3e-fd1dc4851a78", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f612aa3-325a-5313-8907-c5e69115d6e2", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1e652a9-b3e4-5c8f-a0f0-c367101f9c3d", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d12cd3b7-2f99-5b79-bccd-5136a2254c6e", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3873987f-a9e3-5794-90d6-c03a9ddf6d71", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c3785e7-3e21-597e-bad8-b1a84c4bd677", "id": "CVE-2015-3192", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-3192 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:482b2165-2d03-5073-b60f-f43d313128c8", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93e5da2f-91d3-5e7e-8df4-cd1676a826d9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:701cdb12-f07c-5d17-9826-73e54060def9", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:07ef7e08-2bb1-5476-8eed-6b04261b7967", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77b9fbd6-667d-5185-90c5-1a8e3a03a0bd", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:794cedf3-ef3e-5a6c-b79a-3e5e9c170401", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1226846-f968-52a7-a518-f0510849353e", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-orm 4.0.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c783cf2-f98c-554e-839a-9fa8cc2e2dd9", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04c3c7a0-4402-5230-a336-e4a2b6e939fc", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f4dbd05a-3227-533a-a9b6-7fc2deda7f55", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdca278a-e1ab-5a74-a2c1-f3b2853ce41d", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9657959d-0735-5097-a826-95fedd0d02f6", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a143c88f-6be5-55c8-a685-a7748bc648cf", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb4cc242-1dbb-5159-ad1e-270c5fc3ee8c", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92b65a04-0c1d-5e62-8daa-83df3cca84f6", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:986f9918-d0ff-5b0d-b58c-24532e95dd37", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c77acef-a066-5f46-8cab-ed5a140e2f71", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ceb107b8-00d1-5543-90cb-db7a6770738d", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e622f3f8-2b42-5e58-902a-5c856a4914be", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23627a5c-24cb-526b-9b4b-eff69a336da6", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10022c0a-8521-5779-8c98-ef1f5f30ca57", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:646448e1-3b34-54b1-9c75-1c6e43c09365", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1d6e22e-3e47-5edf-9655-c95d804ca587", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc6a5b3f-94a0-5358-b5fa-512421f7fdf2", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2c97226-b983-5bf6-b5eb-e5475cf2fb60", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:855e1b8a-a316-578b-bd55-9fc36a79ddee", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f46d662c-24b2-5e55-98fd-d0aa321c4ecd", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:077bdcf4-f5d5-5309-bf42-e06a2968b481", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22f75c4a-8b73-5dbc-ab7d-e61fd95531d0", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8b89f35-2711-5e0a-b8e5-85d5a2ef03ab", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e1f0886-c286-5fa3-8680-ef3559ccf4fa", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6246ff9a-9ac0-5b4b-a25c-8287c5449493", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9befa52-f31f-58d1-84c7-e0bb7902028b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1c742f1-0b3f-5450-b776-5dad0daa4eda", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@4.0.0.RELEASE-tuxcare.2" } ] }