{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bfcb7a7c-c0c8-504a-b472-785cb18824af", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.7-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:98a6772d-a31d-5799-806a-2c5bd6e83e94", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c06ea91-3f42-549b-b9c6-37c008b669ec", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:152d9699-95b8-5164-8cf6-016446e2214f", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2da75004-6828-5c0f-a3c1-a10976be97c6", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82bd217e-37e9-5ef1-8d55-e62528c53d23", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d745f59-01e0-52f0-817f-5410cfb1b873", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b42edc9-51ed-513e-826a-fffdf970c723", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2dd45d3-72ed-503b-9d16-bb8318646acd", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:992df7df-b693-5dcb-94a5-5f9f937c1775", "id": "CVE-2023-20860", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20860 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc888468-9a34-59dd-b4c0-a3eb38061ecb", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4bfe5cdb-19c0-586c-bcb7-1e26887d80e2", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75c0b231-18c4-540a-823e-559f1236d49c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c5b691b-b364-549e-91de-2080e45823c0", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d35ad6d2-37d3-570b-832b-8c79d883dc7a", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9117cf92-1ce5-5276-9be6-0af0d83b374c", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ed905bc-e2f1-5543-84bf-2033e4dba38a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3901b430-81a9-5e5f-a3a0-1108cd4894d7", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:771c1b47-8571-5e0d-ab6e-7405f73db2ac", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27f5b630-912d-569f-9327-c588b83893dc", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fb97ed7-ad07-5c60-9068-25169e91a725", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c84010ba-da8c-55b9-a7a1-67c7aad9d979", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a136e48c-d80d-50a8-a9c0-04b6b9b956df", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-orm 5.3.7-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:961d0ecb-514f-5d08-bfe4-83747dc75a43", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3dad4b09-91f3-528a-a63a-2f7892897db6", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a154246-1212-5c8e-9059-73d37651ceee", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca004575-91f5-564f-893e-742151e4f6e5", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d8dfdf7-649b-54cc-9938-aa611e138204", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.7-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.7-tuxcare.2" } ] }