{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8c697ffa-2a0e-5b2b-a85d-2604dc7707cf", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.2.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8392e8e5-d747-52be-bc84-856964985fcb", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18200b52-b5ad-593a-b63a-c7edc05c45a4", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1396deab-f9f1-59a5-b8ae-9d554ca4889b", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c1730880-9ffa-531a-a4ae-237897a7047b", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54043882-6479-536d-bd56-ee8aaba4fb5c", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4aab1f1-6bd9-599c-8c69-bfcca917f9e3", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c85a95f-d139-5ecb-835d-93842785773c", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01469412-3047-54da-800a-191b99cd1e08", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5193d82-3a8e-5d5a-8515-fdb6c4dc33f2", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:848ea2b0-f914-57a7-add2-8cf0896fef14", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c8ce34b-7522-5bd6-a788-c2d84ffed8af", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01d18a0f-a8c9-5b27-8c77-dbe5fbad3b5f", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f487104-69ba-512d-8b2f-2888811d12c7", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc286331-b207-5155-b390-95edc1fe7c89", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a628b710-bb3f-5a69-b824-fc01349a4b66", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:232a21ad-f446-5c73-8ae8-7aeb374abd60", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d19f19c8-7d8c-5950-b525-52e6ef0e64b2", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9c4f68a-e6a7-5d12-a9b2-fbec96dbf919", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a49f8ff9-376c-5968-a125-3e79f8346c09", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-oxm 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e85ffa6-06a4-5e3d-ae12-d48ec0468c7e", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95d42408-ed1d-531f-bfe8-ef3527b53d25", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc2acc3b-1914-55a6-9490-a0551a8e7b98", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08654a2a-0962-5403-a6ed-164fcc9be0ff", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9021e017-bae4-5fa5-b0e3-dffbdf698b04", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-oxm 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fae5370d-6ac3-5b94-8475-ecd8f647725a", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.1" } ] }