{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cb8a4b58-d507-5305-ad32-60a61eb328d1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.6", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-log4j2", "version": "2.6.15-tuxcare.6", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fb9a41de-6860-5c79-8608-94a12276b047", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:39170b7a-4398-5b74-b851-9b1fc6ae454f", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:70b48194-d6dd-54d3-9531-eeb755935699", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cc89e3ae-b8c5-5d18-ae36-2c28e2389f9b", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c9420311-34e8-5e8e-8bca-a33ee238c12f", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e14c83b5-4ea2-5016-85d8-35b627a49405", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1663bd1b-e01e-5b03-8cfd-357c656788ef", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e05eda8f-0296-50ac-b575-1790777f3c6e", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e0d8b7c6-82a8-5b4e-b092-3c61b2f04748", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.6" } ] }