{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8511faa1-9b9d-5151-8a88-c150b9bfa0f7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.2.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1555fa12-5a6e-5d31-b5fc-daac854a8f65", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7ab0016-c756-515f-a18c-9284033fb0ab", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5db2fec5-fc11-545e-912a-a9d7502e276b", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe42318b-e887-5ae6-9568-caa51ce45ea6", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23e7c8fd-f714-54de-866a-46d2a1fa73cc", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c45dc592-2f40-5847-a007-635a186879ca", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01b0f8da-fa10-5a6c-9a55-d78d13ddf862", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59d23f15-7e51-54e1-9aa6-3b442f884497", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e288672-dad8-5313-993e-5e8d6a3f99e6", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5c7ff49-91ec-5aa5-a67f-4420dab2e308", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:494b05ed-ab2c-5a55-9468-28205a759131", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5f0cd5f-58f0-52cd-9b44-7191aa510637", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1424016e-a525-5f28-b001-61519644257b", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f9cf1bb-5e47-5250-99e6-a4bce19e462f", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c73f7a26-538b-5a8d-aef9-b3d9a116a8b5", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa78e80d-5e06-5951-908f-5b4b288fb19e", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:387943dd-f994-5fe3-a3d3-92538534ba38", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dacc29e1-7216-55c3-a9cc-1421c0148963", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d81de178-e561-55a1-a977-ea374ff18f77", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-orm 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9409836f-3af3-52f4-8f98-fb5b34559100", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c567d2d3-a993-5c01-91b4-1a28a39cb0be", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ab09396-4cf7-5964-8ea8-c182f60aee59", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd970d9e-4a14-583e-9557-d6383b56d425", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c64e49d-ebb5-52a9-8f0c-427b8071bc61", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-orm 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6db6c6a7-6a87-53bc-8ded-3d04b475c1fc", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.2" } ] }