{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d5e7fa9a-ef43-5a58-a57f-943e856b5da3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.2.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c9aa8f14-cfbd-59ec-a298-f9d6060b96eb", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ceb4add6-3ef3-52e6-8e00-f1f82377ecec", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0fce5c6b-3ada-5270-bbc9-525fea1b0482", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83f71492-086a-5449-8575-70f6c5e82b35", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d0d5ecb-1d20-54e9-bdc2-996900dba6b8", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b87a64fc-9ebc-511e-b058-a2c2ad9c6d06", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5e33f9e-9e52-512a-a79c-a08430b795b4", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02cbf906-21ac-5925-85f0-25927a585460", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d481201-9aa7-5465-b6cd-88cb70a3a1c2", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c14e1b9-2959-5970-b6f3-b084ad005b74", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09c6b333-f535-5f06-acf2-291258f866ef", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62d0ba53-6cef-5be3-bf14-8d18a71dacf9", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3464478c-52ed-5540-a63b-134863130e81", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d10ce219-5789-528a-91b2-28a0720bc4ee", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3392728c-8e07-518c-9d07-eeff391e5227", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21accc67-0544-55a9-9655-0ad97520352e", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:269e8820-4b1b-5d00-b451-bc60439b1935", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24c9da2d-e3a6-5a23-abdc-b124f1060ffd", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a2fcf1d-73bf-58e8-89fc-d2c6051bd933", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-oxm 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa03af5d-81ec-5a93-9c15-f4ff0f7865ff", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:416f332d-f2d5-55a0-9eed-b0a2b372d83d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f9ca3e2-5f57-5a0d-a191-d50e1fccbb34", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cee1ce8-5df3-5793-a120-cfe8a7799531", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7981124-be50-5e8b-80da-3c4ac76ca760", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-oxm 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:803e4635-2470-56b3-bc46-9f2f34a818ca", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.2" } ] }