=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN113
_____________________________________________________________________

DATE                : 03/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Tanzu Telemetry for VMware Tanzu
                            versions prior to 2.4.0.

=====================================================================
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36910
_____________________________________________________________________

Telemetry for VMware Tanzu Platform 2.4.0

Product/Component
Tanzu Kubernetes Runtime
VMware Tanzu Application Service
VMware Tanzu Kubernetes Grid Integrated Edition
VMware Tanzu Platform
VMware Tanzu Platform - Cloud Foundry
VMware Tanzu Platform Core
VMware Tanzu Platform - Kubernetes
VMware Tanzu Platform - SM

Notification Id
36910

Last Updated
02 February 2026

Initial Publication Date
02 February 2026

Status
CLOSED

Severity
CRITICAL

CVSS Base Score
9.1

Workaround
N/A

Affected CVE


See CVE list in advisory


Product Release Advisory - Telemetry for VMware Tanzu Platform 2.4.0

 

Advisory ID           TNZ-2026-0050

Tanzu Issue Date      2026-01-29

Updated on
	 
  	

Highest Score CVE from list below advisory details

Severity           Critical

CVSS V4 Vector     Unavailable

CVSS V4 Score      Unavailable (Sev: Unavailable)

CVSS V3.1 Vector   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS V3.1 Score    9.1 (Sev: CRITICAL)

CVSS V2 Vector     Unavailable

CVSS V2 Score      Unavailable (Sev: Unavailable)

 
    Note: if CVSS scores are "Unavailable", it is most likely because
the vulnerability is a GHSA or BDSA entry without a matching CVE for
NVD lookup.

 

Product Version Release Advisory

    Product Release: Telemetry for VMware Tanzu Platform 2.4.0
    Product Release Notes:
https://techdocs.broadcom.com/us/en/vmware-tanzu/platform-services/telemetry-for-tanzu/2-2/telemetry-tanzu/release-notes.html

 

Security Fixes: This release has the following security fixes, listed 
by component.

 

Component             Vulnerabilities Resolved

bpm
	
    CVE-2024-45337 - GHSA-v778-237x-gjrc (Critical)
    CVE-2025-4674 (High)
    CVE-2025-52565 - GHSA-qw9x-cqr3-wc7r (High)
    CVE-2025-52881 - GHSA-cgrx-mc8f-2prm (High)
    CVE-2025-31133 - GHSA-9493-h29p-rfm2 (High)
    CVE-2025-22869 - GHSA-hcg3-q754-cr77 (High)
    CVE-2025-61729 (High)
    CVE-2025-61725 (High)
    CVE-2025-61723 (High)
    CVE-2025-58188 (High)
    CVE-2025-58187 (High)
    CVE-2025-22874 (High)
    CVE-2025-47907 (High)
    CVE-2025-4673 (Medium)
    CVE-2025-61727 (Medium)
    CVE-2025-47906 (Medium)
    CVE-2025-0913 (Medium)
    CVE-2022-29526 - GHSA-p782-xgp4-8hr8 (Medium)
    CVE-2025-61724 (Medium)
    CVE-2025-58189 (Medium)
    CVE-2025-58186 (Medium)
    CVE-2025-58185 (Medium)
    CVE-2025-47912 (Medium)
    CVE-2025-58183 (Medium)

telemetry
	
    CVE-2025-61729 (High)
    CVE-2025-61725 (High)
    CVE-2025-61723 (High)
    CVE-2025-58188 (High)
    CVE-2025-58187 (High)
    CVE-2025-61727 (Medium)
    CVE-2025-61724 (Medium)
    CVE-2025-58189 (Medium)
    CVE-2025-58186 (Medium)
    CVE-2025-58185 (Medium)
    CVE-2025-47912 (Medium)
    CVE-2025-58183 (Medium)
    CVE-2025-61594 - GHSA-j4pr-3wm6-xx2r (Low)
    CVE-2025-58767 - GHSA-c2f4-jgmc-q2r5 (Low)


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




