{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:57a4469c-cdd6-51ac-b823-7fd8a0d14f57", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.2.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9366b7da-a180-5f9c-87df-6095b2326741", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5b220643-03a0-551f-b347-0011fe0a0f48", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:121791a3-36bf-5844-80c4-714646606c3d", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4acf849a-4a55-5947-9aa2-e4bf7f5d84ae", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51c0f2c8-80d6-5562-8280-c1f8dd915f71", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da28b844-a417-5801-8e2b-3dcd933802eb", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f43c7751-415f-5563-a5e9-849d31b3cece", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:49d1bf97-5216-5b14-a8d5-e07cadb5b754", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e6291a4-246a-58aa-bf26-b3e2db8d2e52", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6771fd9e-2f88-5444-a10c-35ac7fcfe17f", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:656dd4f7-6c2b-584b-82df-664ed4e81bb4", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffc254e2-ce81-516f-a575-da87db399bda", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:11373c3e-20e2-5e7d-a15d-71e76f9a31f2", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:992fce23-6218-5505-b89d-1c9cec222d74", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ac9ae4c-dd40-5348-b853-bd969e11f66a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a2ac14f-80a4-5cf3-baf7-94279fa7ceff", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a123c49-61f0-56ca-986c-693f145f870d", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4c7cca79-7822-53ee-9bd4-4eca1202560d", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:66aac4d6-b064-5a57-ba29-d9cbeb2ec55d", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-orm 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:87572f03-685c-5444-8f77-3a624b262897", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:305a9d19-8538-54bb-a691-3fe0147f7c48", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:139d0d37-6532-5637-aebd-c52520a0aef7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:708f70f5-59a8-5ca0-8cc5-6e3a0a44b00a", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a6640e5-624b-5e64-9a95-e1b6a94a5d52", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-orm 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cf0c233e-b942-5b6c-be47-b930bddd863d", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.0.RELEASE-tuxcare.3" } ] }