{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a2eb6688-505f-5a36-8f1f-ca35dd330cce", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.2.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a5098a83-2b36-5665-b87a-5c1c49819657", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe58a1ba-26e1-5c23-b005-69201e05cdbc", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e774a443-7228-5fca-8f44-5ec457217beb", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe33d517-ab91-5b6c-8c40-e50d667a0386", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce6e1bb2-022f-5991-92a9-17cd4aa48e27", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f118271-0573-54ce-bdf4-4d2a41b84087", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:db6ca10a-6f4d-5797-bf48-4c0daa10c48f", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7fa03d8c-0bd4-5f79-9087-56992ce3d515", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ffc17af-fcd3-5d45-bddd-06fa773c2e8e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9fe458e1-4d27-5c04-8682-85003442e3f0", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f70198b-2c42-5fa8-9f0a-849781a8e70f", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1e1f950b-d27a-5fb8-ab62-cdaa74468dda", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2599b4e9-d4f6-5d95-a334-ddba13a3c10b", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d2a9f094-1ca5-58da-92c9-107985c775f2", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b3150fd7-7c42-5244-9736-237a227aeb99", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:434d9092-8315-5800-b069-2d027ecb49ca", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae657792-422e-508a-a44e-bbd3d582a5e6", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe32185e-81ff-5253-8ae0-e5fb66dbbe4c", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:338e537c-741f-543a-a236-6983411fccf3", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-oxm 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9856caaf-ab8d-5d78-b41a-32dc3fba97fc", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:589252fd-ef1b-54a2-bde8-64803ee71502", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efa2a15d-3d2f-51ea-98d1-b55ee0e2fb9b", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb416e0f-985e-52f6-9650-385c0090fa70", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe45aad1-10ea-5dff-a57f-938ad8ee30a1", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-oxm 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:819ed718-70d2-5c8f-8ce5-9217be4c00f5", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.2.0.RELEASE-tuxcare.3" } ] }