{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:01dd26a3-ebfa-5e6f-a5fa-feeb9d72ce92", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-log4j2", "version": "2.6.15-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f8a94d7e-5ae2-57d9-805f-d84edaa2625a", "id": "CVE-2023-34055", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34055 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7d95fe0-6d3c-5385-a9ec-3d26cf2e7222", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6495b250-133c-5da8-b075-27f07c3908ad", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b31cda59-0571-50fd-9232-aa594cd63dc1", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:593e5b77-8edf-5d54-b6db-6150595c6703", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eeb32f63-bf3a-5167-8d32-3e689443480b", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b18d36cb-936f-5295-b970-c45ce452a7f5", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ed4eeef-f23b-57ce-ab5a-23c56748dddb", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:007a1871-410a-557b-806b-6c12ca26ae33", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter-log4j2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-log4j2@2.6.15-tuxcare.3" } ] }