
=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN819
_____________________________________________________________________

DATE                : 20/11/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware Tanzu Data Intelligence,
                      VMware Tanzu Greenplum,
                      VMware Tanzu Data Services Pack,
                      VMware Tanzu Data Suite,
                      VMware Tanzu GemFire.

=====================================================================
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36460
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36461
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36459
_____________________________________________________________________

Product Release Advisory - VMware Tanzu Greenplum 6.31.1
Product/Component

VMware Tanzu Data Intelligence
VMware Tanzu Data Suite
VMware Tanzu Greenplum 


Notification Id
36460

Last Updated
18 November 2025

Initial Publication Date
18 November 2025

Status
CLOSED

Severity
CRITICAL

CVSS Base Score
9.8

WorkAround

Affected CVE


Security Advisory

Advisory ID: TNZ-2025-0229

Severity: Critical

Issue Date: 2025-11-18

Updated on: 2025-11-18

Synopsis   VMware Tanzu Greenplum 6.31.1 addresses the following
            security vulnerabilities.
 

Product Version Release Advisory

    VMware Tanzu Greenplum 6.31.1
    https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-greenplum/6/greenplum-database/cve-gpdb.html 


Security Fixes

This release has the following security fixes, listed by component
and area.


Component               Vulnerabilities Resolved

vmware-greenplum
	
  GHSA-8pcp-r83j-fc92 (critical)

  CVE-2025-22871 (critical)

  GHSA-cx63-2mw6-8hw5 (high)

  GHSA-gmj6-6f8f-6699 (medium)

  CVE-2024-8088 (high)

  GHSA-jh7c-xh74-h76f (high)

  GHSA-c46w-gr7f-jm2p (high)

  GHSA-8qvm-5x2c-j2w7 (high)

  GHSA-5rjg-fvgr-3xxf (high)

  GHSA-28jp-44vh-q42h (high)

  CVE-2024-9287 (medium) 

  GHSA-q2x7-8rv6-6q7h (medium)

  CVE-2024-7592 (high)

  GHSA-q34m-jh98-gwm2 (medium)

  CVE-2024-6232 (high)

  CVE-2024-4032 (high)

  GHSA-7cx3-6m66-7c5m (high)

  GHSA-8w49-h785-mj3c (high)

  GHSA-36fq-jgmw-4r9c (high)

  CVE-2024-4030 (high)


PL/Container Python3 Image
	
  CVE-2022-32221 (critical)

  CVE-2022-32207 (critical)

  CVE-2023-27533 (high)

  CVE-2024-2398 (high) 

  CVE-2022-22576 (high)

  CVE-2021-22901 (high)

  CVE-2022-27781 (high)


DataSciencePython3

  GHSA-8qvm-5x2c-j2w7 (high)

  GHSA-cjgq-5qmw-rcj6 (medium)

 
History

2025-11-18: Initial vulnerability report published.


Contact

E-mail: tanzu.psirt@broadcom.com

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security

_____________________________________________________________________

Product Release Advisory - VMware Tanzu Greenplum 7.6.1

Product/Component
VMware Tanzu Data Intelligence
VMware Tanzu Data Suite
VMware Tanzu Greenplum 


Notification Id
36461

Last Updated
18 November 2025

Initial Publication Date
18 November 2025

Status
CLOSED

Severity
CRITICAL

CVSS Base Score
9.8

WorkAround

Affected CVE

Security Advisory

Advisory ID: TNZ-2025-0230

Severity: Critical

Issue Date: 2025-11-18

Updated on: 2025-11-18

Synopsis   VMware Tanzu Greenplum 7.6.1 addresses the following
security vulnerabilities.

 
Product Version Release Advisory

    VMware Tanzu Greenplum 7.6.1
    https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-greenplum/7/greenplum-database/cve-gpdb.html


Security Fixes

This release has the following security fixes, listed by component and
area.

Component                Vulnerabilities Resolved

vmware-greenplum
	

  GHSA-8pcp-r83j-fc92 (critical)

  CVE-2025-22871 (critical)

  GHSA-cx63-2mw6-8hw5 (high)

  GHSA-gmj6-6f8f-6699 (medium)

  CVE-2024-8088 (high)

  GHSA-jh7c-xh74-h76f (high)

  GHSA-c46w-gr7f-jm2p (high)

  GHSA-8qvm-5x2c-j2w7 (high)

  GHSA-5rjg-fvgr-3xxf (high)

  GHSA-28jp-44vh-q42h (high)

  CVE-2024-9287 (medium) 

  GHSA-q2x7-8rv6-6q7h (medium)

  CVE-2024-7592 (high)

  GHSA-q34m-jh98-gwm2 (medium)

  CVE-2024-6232 (high)

  CVE-2024-4032 (high)

  GHSA-7cx3-6m66-7c5m (high)

  GHSA-8w49-h785-mj3c (high)

  GHSA-36fq-jgmw-4r9c (high)

  CVE-2024-4030 (high)


PL/Container Python3 Image
	
  GHSA-q34m-jh98-gwm2 (medium)

  GHSA-28jp-44vh-q42h (high)


DataSciencePython3
	
  GHSA-8qvm-5x2c-j2w7 (high)

  GHSA-28jp-44vh-q42h (high)

  GHSA-36fq-jgmw-4r9c (high)

  GHSA-cjgq-5qmw-rcj6 (medium)
 

History

2025-11-18: Initial vulnerability report published.


Contact

E-mail: tanzu.psirt@broadcom.com

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security
_____________________________________________________________________

Product Release Advisory - VMware Tanzu GemFire 10.1.5

Product/Component
VMware Tanzu Data Intelligence
VMware Tanzu Data Services Pack
VMware Tanzu Data Suite
VMware Tanzu GemFire

Notification Id
36459

Last Updated
18 November 2025

Initial Publication Date
18 November 2025

Status
CLOSED

Severity
HIGH

CVSS Base Score

WorkAround

Affected CVE


Product Release Advisory

Advisory ID: TNZ-2025-0228

Severity: High

Issue Date: 2025-11-18

Updated on: 2025-11-18

Synopsis   Bumped multiple dependencies, which resulted in at least 5 CVEs
remediated in this release.
 

Product Version Release Advisory

    VMware Tanzu GemFire 10.1.5
        https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire/10-1/gf/release_notes.html 


Security Fixes

This release has the following security fixes, listed by component
and area.


Component       Vulnerabilities Resolved

Jetty

  CVE-2025-5115 (high)

Netty

  CVE-2025-58056 (low)

  CVE-2025-58057 (medium)

  CVE-2025-59419 (medium)

Spring Framework

  CVE-2025-41254 (medium)
 

History

2025-11-18: Initial vulnerability report published.


Contact

E-mail: tanzu.psirt@broadcom.com

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




