{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:719bd2f7-26ec-51f3-82e3-719aa174be0f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-actuator@2.6.15-tuxcare.4", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-actuator", "version": "2.6.15-tuxcare.4", "purl": "pkg:maven/org.springframework.boot/spring-boot-actuator@2.6.15-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6f683c78-014f-5a33-840d-5d231c1c320b", "id": "CVE-2023-34055", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34055 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e2c87d44-7f82-53ab-a683-f959da2bfab5", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:adca75dc-b628-5ebd-88a4-210282a89598", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1932f405-0650-5475-bd9d-f97e80ae95c4", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e0d88f5-e3bc-505c-a771-7b3dc3aab123", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c69a4e06-9cfe-5974-89e8-21866791d16c", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:997df5b8-90ca-5c91-8d86-9432e660abdb", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1f6034a0-7d99-50b4-8799-8fc80ec82e0e", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e6d0b800-9f0c-55de-ba96-174d6b7fa70f", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator@2.6.15-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-actuator@2.6.15-tuxcare.4" } ] }