=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN114
_____________________________________________________________________

DATE                : 03/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Platform Automation Toolkit
                         versions prior to 5.4.0.

=====================================================================
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36911
_____________________________________________________________________

Platform Automation Toolkit 5.4.0

Product/Component

Tanzu Kubernetes Runtime
VMware Tanzu Application Service
VMware Tanzu Kubernetes Grid Integrated Edition
VMware Tanzu Platform
VMware Tanzu Platform - Cloud Foundry
VMware Tanzu Platform Core
VMware Tanzu Platform - Kubernetes
VMware Tanzu Platform - SM

Notification Id
36911

Last Updated
02 February 2026

Initial Publication Date
02 February 2026

Status
CLOSED

Severity
HIGH

CVSS Base Score
8

Workaround
N/A

Affected CVE

See CVE list in advisory


Product Release Advisory - Platform Automation Toolkit 5.4.0


Advisory ID            TNZ-2026-0051

Tanzu Issue Date       2026-01-29

Updated on

Highest Score CVE from list below advisory details

Severity            High

CVSS V4 Vector      CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS V4 Score       8.9 (Sev: HIGH)

CVSS V3.1 Vector    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS V3.1 Score     7.5 (Sev: HIGH)

CVSS V2 Vector      Unavailable

CVSS V2 Score       Unavailable (Sev: Unavailable)

    Note: if CVSS scores are "Unavailable", it is most likely because
the vulnerability is a GHSA or BDSA entry without a matching CVE for
NVD lookup.

 

Product Version Release Advisory
 
    Product Release Platform Automation Toolkit 5.4.0
    Product Release Notes:
https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/platform-automation-toolkit-for-tanzu/5-3/vmware-automation-toolkit/docs-index.html

 
Security Fixes: This release has the following security fixes, listed 
by component.

 

Component                 Vulnerabilities Resolved

platform-automation

    CVE-2025-66418 - GHSA-gm62-xv2j-4w53 (High)
    CVE-2025-66471 - GHSA-2xpw-w6gg-jr37 (High)
    CVE-2025-22872 - GHSA-vvgc-356p-c3xw (Medium)
    CVE-2025-8291 (Medium)
    CVE-2025-6075 (Medium)


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




