{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a887cfb7-ffbd-5ffa-9e4c-1a173e910eae", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4", "type": "library", "group": "org.springframework.security", "name": "spring-security-cas", "version": "5.8.16-tuxcare.4", "purl": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8e8464fb-ff16-5eff-8ad1-91c03df3bcbd", "id": "CVE-2007-1651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1651 affects version 5.8.16-tuxcare.4 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbb82a9f-1bf9-59f2-a861-2fd1fce94248", "id": "CVE-2007-1652", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1652 affects version 5.8.16-tuxcare.4 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d22be19e-e9a7-5f7d-aa6f-7e90fe66b6db", "id": "CVE-2020-5408", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-5408 does not affect version 5.8.16-tuxcare.4 of org.springframework.security:spring-security-cas. Version 5.8.16 is not vulnerable to CVE-2020-5408. No backport is needed. The fix was included in Spring Security 5.3.2, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e95e53f-35c6-58be-9b9c-5effbb54a80d", "id": "CVE-2023-34035", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-34035 is a false positive for org.springframework.security:spring-security-cas 5.8.16-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16b87321-e8ec-5732-b095-f7242c61a885", "id": "CVE-2023-34042", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2023-34042 does not affect version 5.8.16-tuxcare.4 of org.springframework.security:spring-security-cas. Version 5.8.16 is not vulnerable to CVE-2023-34042. No backport is needed. The fix was included in Spring Security 5.8.7, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61c75bdb-ebb6-58fe-9370-105e7e23572d", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 5.8.16-tuxcare.4 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8f5ff55-a756-54c1-a683-a991757ddc89", "id": "CVE-2025-22234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22234 is fixed in version 5.8.16-tuxcare.4 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d1b3006a-e826-5919-a64e-f20e680f3222", "id": "CVE-2025-41248", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41248 is a false positive for org.springframework.security:spring-security-cas 5.8.16-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3a5f53b5-80e1-5968-b172-da44ea0441eb", "id": "CVE-2026-22732", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22732 affects version 5.8.16-tuxcare.4 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02692e8f-175a-501d-9da9-f688d72f9328", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 5.8.16-tuxcare.4 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a0f668e-f8de-59dd-8a9b-c3a892979940", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 5.8.16-tuxcare.4 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7477cc1f-a5bd-5dbb-8b39-e34a350e014f", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 5.8.16-tuxcare.4 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4e298e6-709a-5756-837a-65b0f3520b7a", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 5.8.16-tuxcare.4 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5d9a006d-48a9-55c7-bb31-a6a5be4f0208", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 5.8.16-tuxcare.4 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16-tuxcare.4" } ] }