{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:faeee259-a273-507f-8aea-1452f96e181c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.1", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-log4j2", "version": "2.7.18.tuxcare.1", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5f2a6b8a-d294-5e5f-ad2e-8acc3ab43379", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c996a344-4feb-5b71-a169-12529e5b0298", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84675b04-6004-5f7e-a97e-732fbaba5a83", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9a0e35b-b46a-5a5e-9d92-2d9020658780", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07d5cf60-5084-5887-a2e6-a54d702f65d3", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12f98574-ddda-5769-a6f7-7c78ae16adb3", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b368ec0-fdfc-570d-b27e-0b5c8afd27ad", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ffd430d-e906-54b8-a827-ab223ae6ee2c", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b06259e0-7ac1-51bf-8eee-4a339ed5892f", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.7.18.tuxcare.1" } ] }