Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2025/VULN581 _____________________________________________________________________ DATE : 04/09/2025 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running VMware Tanzu Data Intelligence, VMware Tanzu Data Suite, VMware Tanzu Greenplum, VMware Tanzu Data Services Pack. ===================================================================== https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36086 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36085 _____________________________________________________________________ Product Release Advisory - VMware Tanzu Greenplum 7.5.4 Product/Component VMware Tanzu Data Intelligence VMware Tanzu Data Suite VMware Tanzu Greenplum Notification Id 36086 Last Updated 03 September 2025 Initial Publication Date 03 September 2025 Status CLOSED Severity CRITICAL CVSS Base Score 9.8 WorkAround Affected CVE Security Advisory Advisory ID: TNZ-2025-0095 Severity: Critical Issue Date: 2025-09-03 Updated on: Synopsis VMware Tanzu Greenplum 7.5.4 addresses the following security vulnerabilities. Product Version Release Advisory VMware Tanzu Greenplum 7.5.4 https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-greenplum/7/greenplum-database/relnotes-release-notes.html Security Fixes This release has the following security fixes, listed by component and area. Component Vulnerabilities Resolved VMware Tanzu Greenplum CVE-2025-4517 (critical) CVE-2024-12718 (medium) CVE-2025-9288 (critical) CVE-2023-37920 (high) GHSA-q2x7-8rv6-6q7h (medium) GHSA-4vmg-rw8f-92f9 (critical) GHSA-f73w-4m7g-ch9x (critical) CVE-2025-8941 (high) CVE-2025-6965 (high) CVE-2022-44840 (high) CVE-2021-45078 (high) CVE-2025-6020 (high) CVE-2025-7425 (high) History 2025-09-03: Initial vulnerability report published. Contact E-mail: [email protected] VMware Tanzu Security Advisories https://tanzu.vmware.com/security _____________________________________________________________________ Product Release Advisory - VMware Tanzu GemFire Management Console 1.4.0 Product/Component VMware Tanzu Data Intelligence VMware Tanzu Data Services Pack VMware Tanzu Data Suite VMware Tanzu Gemfire Notification Id 36085 Last Updated 03 September 2025 Initial Publication Date 03 September 2025 Status CLOSED Severity CRITICAL CVSS Base Score 9.9 WorkAround Affected CVE Product Release Advisory Advisory ID: TNZ-2025-0094 Severity: Critical Issue Date: 2025-09-03 Updated on: 2025-09-03 Synopsis Bumped multiple dependencies, which resulted in at least 30 CVEs remediated in this release Product Version Release Advisory VMware Tanzu GemFire Management Console Release 1.4.0 https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire-management-console/1-4/gf-mc/release_notes.html Security Fixes This release has the following security fixes, listed by component and area. Component Vulnerabilities Resolved vmware-gemfire-management-console CVE-2024-41110 (Critical) CVE-2025-22871 (Critical) CVE-2024-45337 (Critical) CVE-2025-30204 (Critical) CVE-2025-52434 (High) CVE-2025-22228 (High) CVE-2025-22869 (High) CVE-2025-4674 (High) CVE-2025-48734 (High) CVE-2025-22235 (High) CVE-2025-52999 (High) CVE-2025-22868 (High) CVE-2025-55163 (High) CVE-2025-48989 (High) CVE-2025-48988 (High) CVE-2025-22870 (Medium) CVE-2024-45336 (Medium) CVE-2025-22866 (Medium) CVE-2025-41242 (Medium) CVE-2025-49125 (Medium) CVE-2024-6104 (Medium) CVE-2024-35255 (Medium) CVE-2025-22872 (Medium) CVE-2025-4673 (Medium) CVE-2025-48924 (medium) CVE-2025-31650 (Medium) CVE-2024-45341 (Medium) CVE-2025-54410 (Low) CVE-2025-46701 (Low) CVE-2025-31651 (Low) History 2025-09-03: Initial vulnerability report published. Contact E-mail: tanzu.psirt@broadcom.com VMware Tanzu Security Advisories https://tanzu.vmware.com/security ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================