{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:63bddd31-1823-56ad-a89a-10f45525ad29", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.2.13.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4b9dbbb7-e111-5319-8c38-72aecb88b6c2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9a066e4-8fea-5fe9-b21a-6a6a9c815f5a", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab88f6a5-472f-5c82-bb7e-c62f33cf50b7", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d722d7b0-e182-5336-86aa-ad99b6ad80a6", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74d765d1-2936-5daa-9e48-da1e1e8fd525", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b682dda0-cb47-5d3f-8bf5-c892d5adc2eb", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b6d54f15-0db0-54f1-ba90-b7e5aac62f86", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b9aaee07-c067-587a-8898-4afce715e488", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b2363078-7b3b-50d0-8245-ee20dd765d7c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e89031ca-f89a-5335-81f3-3c558c781edc", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6afb5aaa-56cb-5bf9-bd2c-a38dfbdf56fd", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a2decb6f-56f3-5f48-8724-7a50619af136", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06ba9a7b-5ef3-551c-8824-5a142155a723", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5fa2fda6-9e05-5e58-bec2-50dfc0992a77", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f00007e2-07b7-5bbd-a37f-2966eb869873", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:11fc5f8f-7b59-59d9-a022-0f5c815cd2d4", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b89cee05-8989-5d21-889f-6bf4d947476b", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28b8ade7-047c-5187-ba3b-11a3f026dbd1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ee783ad9-f7fd-5c21-8597-76c042c52955", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:66c80c26-3cd0-5094-b426-11366b511645", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:358db2e0-b276-57b0-9f35-dd3848360319", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:248d764f-64b9-5947-9fdc-92d239f156e7", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a835f5d-5bdc-51b6-9169-a63625e68df1", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.2.13.RELEASE-tuxcare.3" } ] }