Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2026/VULN129 _____________________________________________________________________ DATE : 05/02/2026 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Foundation Core for VMware Tanzu Platform versions prior to 3.1.7. ===================================================================== https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36929 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36930 _____________________________________________________________________ Foundation Core for VMware Tanzu Platform 3.1.7 - ops-manager-aws Product/Component Operations Manager Tanzu Kubernetes Runtime VMware Tanzu Application Service VMware Tanzu Kubernetes Grid Integrated Edition VMware Tanzu Platform VMware Tanzu Platform - Cloud Foundry VMware Tanzu Platform Core VMware Tanzu Platform - Kubernetes Vmware Tanzu Platform - SM Notification Id 36929 Last Updated 05 February 2026 Initial Publication Date 05 February 2026 Status CLOSED Severity HIGH CVSS Base Score 8 WorkAround N/A Affected CVE See CVE list in advisory Product Release Advisory - Foundation Core for VMware Tanzu Platform 3.1.7 Advisory ID TNZ-2026-0053 Tanzu Issue Date 2026-01-29 Updated on Highest Score CVE from list below advisory details Severity High CVSS V4 Vector Unavailable CVSS V4 Score Unavailable (Sev: Unavailable) CVSS V3.1 Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS V3.1 Score 7.8 (Sev: HIGH) CVSS V2 Vector Unavailable CVSS V2 Score Unavailable (Sev: Unavailable) Note: if cvss scores are "Unavailable" it is most likely due to the vulnerability being GHSA or BDSA without a matching CVE for nvd lookup. Product Version Release Advisory Product Release Foundation Core for VMware Tanzu Platform 3.1.7 Product Release Notes: https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-operations-manager/3-1/tanzu-ops-manager/release-notes.html Security Fixes: This release has the following security fixes, listed by component. Component Vulnerabilities Resolved ops-manager-aws CVE-2025-68973 (High) CVE-2022-49390 (High) CVE-2025-22872 - GHSA-vvgc-356p-c3xw (Medium) CVE-2026-21441 (Medium) CVE-2025-7424 (Medium) CVE-2025-6966 (Medium) CVE-2025-66418 (Medium) CVE-2025-65018 (Medium) CVE-2025-64720 (Medium) CVE-2025-64506 (Medium) CVE-2025-64505 (Medium) CVE-2025-40018 (Medium) CVE-2025-39993 (Medium) CVE-2025-39964 (Medium) CVE-2025-21855 (Medium) CVE-2025-14512 (Medium) CVE-2025-14087 (Medium) CVE-2025-13601 (Medium) CVE-2025-11494 (Medium) CVE-2025-11414 (Medium) CVE-2025-11413 (Medium) CVE-2025-11412 (Medium) CVE-2024-53090 (Medium) CVE-2024-50067 (Medium) CVE-2025-14762 - GHSA-2xgq-q749-89fq (Medium) CVE-2025-7039 (Low) CVE-2025-3360 (Low) CVE-2024-53218 (Low) CVE-2024-47691 (Low) _____________________________________________________________________ Foundation Core for VMware Tanzu Platform 3.1.7 - ops-manager-azure Product/Component Operations Manager Tanzu Kubernetes Runtime VMware Tanzu Application Service VMware Tanzu Kubernetes Grid Integrated Edition VMware Tanzu Platform VMware Tanzu Platform - Cloud Foundry VMware Tanzu Platform Core VMware Tanzu Platform - Kubernetes Vmware Tanzu Platform - SM Notification Id 36930 Last Updated 05 February 2026 Initial Publication Date 05 February 2026 Status CLOSED Severity HIGH CVSS Base Score 8 WorkAround N/A Affected CVE See CVE list in advisory Product Release Advisory - Foundation Core for VMware Tanzu Platform 3.1.7 Advisory ID TNZ-2026-0054 Tanzu Issue Date 2026-01-29 Updated on Highest Score CVE from list below advisory details Severity High CVSS V4 Vector Unavailable CVSS V4 Score Unavailable (Sev: Unavailable) CVSS V3.1 Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS V3.1 Score 7.8 (Sev: HIGH) CVSS V2 Vector Unavailable CVSS V2 Score Unavailable (Sev: Unavailable) Note: if cvss scores are "Unavailable" it is most likely due to the vulnerability being GHSA or BDSA without a matching CVE for nvd lookup. Product Version Release Advisory Product Release Foundation Core for VMware Tanzu Platform 3.1.7 Product Release Notes: https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-ope rations-manager/3-1/tanzu-ops-manager/release-notes.html Security Fixes: This release has the following security fixes, listed by component. Component Vulnerabilities Resolved ops-manager-azure CVE-2025-68973 (High) CVE-2022-49390 (High) CVE-2025-22872 - GHSA-vvgc-356p-c3xw (Medium) CVE-2025-7424 (Medium) CVE-2025-6966 (Medium) CVE-2025-66418 (Medium) CVE-2025-65018 (Medium) CVE-2025-64720 (Medium) CVE-2025-64506 (Medium) CVE-2025-64505 (Medium) CVE-2025-40018 (Medium) CVE-2025-39993 (Medium) CVE-2025-39964 (Medium) CVE-2025-21855 (Medium) CVE-2025-14512 (Medium) CVE-2025-14087 (Medium) CVE-2025-13601 (Medium) CVE-2025-11494 (Medium) CVE-2025-11414 (Medium) CVE-2025-11413 (Medium) CVE-2025-11412 (Medium) CVE-2024-53090 (Medium) CVE-2024-50067 (Medium) CVE-2025-14762 - GHSA-2xgq-q749-89fq (Medium) CVE-2025-7039 (Low) CVE-2025-3360 (Low) CVE-2024-53218 (Low) CVE-2024-47691 (Low) ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================