{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1227962f-7bdc-5953-8e17-f86ed230353c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3", "type": "library", "group": "org.springframework.security", "name": "spring-security-cas", "version": "5.8.16.tuxcare.3", "purl": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b4d0fc11-4419-5210-af76-b57aa81325d7", "id": "CVE-2007-1651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1651 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:215d64f8-2651-52fa-a10d-1a06f31f8d5d", "id": "CVE-2007-1652", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1652 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:75303516-1709-523f-a3ed-e61a4002dd63", "id": "CVE-2020-5408", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-5408 does not affect version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-cas. Version 5.8.16 is not vulnerable to CVE-2020-5408. No backport is needed. The fix was included in Spring Security 5.3.2, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ef9e2e6-50fd-5123-afa2-d24b7493efc9", "id": "CVE-2023-34035", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-34035 is a false positive for org.springframework.security:spring-security-cas 5.8.16.tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c232ac56-482a-5c23-adc9-9cb11daaa5ca", "id": "CVE-2023-34042", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2023-34042 does not affect version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-cas. Version 5.8.16 is not vulnerable to CVE-2023-34042. No backport is needed. The fix was included in Spring Security 5.8.7, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e2a6be8-9b61-578b-8fa9-615665e1858f", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9412df24-34cb-5488-b264-42b1a7ef0a53", "id": "CVE-2025-22234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22234 is fixed in version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a2318d88-f6ec-5280-88a5-43602de32dd0", "id": "CVE-2025-41248", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41248 is a false positive for org.springframework.security:spring-security-cas 5.8.16.tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc6c9798-b03f-50d4-a1bf-72b6631efabc", "id": "CVE-2026-22732", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22732 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6d084289-c548-58d8-9f46-6d55f6ad101f", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:275a20ff-0bf4-5765-94ea-4919cb4f034f", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ccf9e037-974f-5485-85a5-3acbb68a136e", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c0fa4ed-7c75-5310-8d5a-4800c1c2a6a6", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f4cc77d-d41a-58cc-a01d-1582406e43dd", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-cas." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-cas@5.8.16.tuxcare.3" } ] }