Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2026/VULN134 _____________________________________________________________________ DATE : 06/02/2026 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running VMware Tanzu Platform versions prior to 10.2.7+LTS-T. ===================================================================== https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36897 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36898 _____________________________________________________________________ Isolation Segmentation for VMware Tanzu Platform 10.2.7+LTS-T Product/Component Tanzu Kubernetes Runtime VMware Tanzu Application Service VMware Tanzu Kubernetes Grid Integrated Edition VMware Tanzu Platform VMware Tanzu Platform - Cloud Foundry VMware Tanzu Platform Core VMware Tanzu Platform - Kubernetes Vmware Tanzu Platform - SM Notification Id 36897 Last Updated 02 February 2026 Initial Publication Date 02 February 2026 Status CLOSED Severity HIGH CVSS Base Score 8 WorkAround N/A Affected CVE See CVE list in advisory Product Release Advisory - Isolation Segmentation for VMware Tanzu Platform 10.2.7+LTS-T Advisory ID TNZ-2026-0037 Tanzu Issue Date 2026-01-29 Updated on Highest Score CVE from list below advisory details Severity High CVSS V4 Vector CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR: X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X /MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS V4 Score 7.3 (Sev: HIGH) CVSS V3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS V3.1 Score 7.5 (Sev: HIGH) CVSS V2 Vector Unavailable CVSS V2 Score Unavailable (Sev: Unavailable) Note: if cvss scores are "Unavailable" it is most likely due to the vulnerability being GHSA or BDSA without a matching CVE for nvd lookup. Product Version Release Advisory Product Release Isolation Segmentation for VMware Tanzu Platform 10.2.7+LTS-T Product Release Notes: https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-pla tform-for-cloud-foundry/10-2/tpcf/segment-rn.html Security Fixes: This release has the following security fixes, listed by component. Component Vulnerabilities Resolved cf-networking CVE-2025-61729 (High) CVE-2025-67499 - GHSA-jv3w-x3r3-g6rm (Medium) CVE-2025-61727 (Medium) garden-runc CVE-2025-52881 - GHSA-cgrx-mc8f-2prm (High) CVE-2025-61729 (High) CVE-2025-67499 - GHSA-jv3w-x3r3-g6rm (Medium) CVE-2025-61727 (Medium) loggregator-agent No known CVE - GHSA-vrw8-fxc6-2r93 (Medium) nfs-volume CVE-2025-61729 (High) CVE-2025-61727 (Medium) silk CVE-2025-61729 (High) CVE-2025-67499 - GHSA-jv3w-x3r3-g6rm (Medium) CVE-2025-61727 (Medium) smb-volume CVE-2025-61729 (High) CVE-2025-61727 (Medium) smoke-tests CVE-2025-6442 - GHSA-r995-q44h-hr64 (Medium) CVE-2024-21510 - GHSA-hxx2-7vcw-mqr3 (Medium) CVE-2025-61921 - GHSA-mr3q-g2mv-mr4q (Low) syslog CVE-2025-61729 (High) CVE-2025-58187 (High) CVE-2025-61727 (Medium) _____________________________________________________________________ Isolation Segmentation for VMware Tanzu Platform 10.3.4 Product/Component Tanzu Kubernetes Runtime VMware Tanzu Application Service VMware Tanzu Kubernetes Grid Integrated Edition VMware Tanzu Platform VMware Tanzu Platform - Cloud Foundry VMware Tanzu Platform Core VMware Tanzu Platform - Kubernetes Vmware Tanzu Platform - SM Notification Id 36898 Last Updated 02 February 2026 Initial Publication Date 02 February 2026 Status CLOSED Severity HIGH CVSS Base Score 8 WorkAround N/A Affected CVE See CVE list in advisory Product Release Advisory - Isolation Segmentation for VMware Tanzu Platform 10.3.4 Advisory ID TNZ-2026-0038 Tanzu Issue Date 2026-01-29 Updated on Highest Score CVE from list below advisory details Severity High CVSS V4 Vector CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR: X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X /MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS V4 Score 7.3 (Sev: HIGH) CVSS V3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS V3.1 Score 7.5 (Sev: HIGH) CVSS V2 Vector Unavailable CVSS V2 Score Unavailable (Sev: Unavailable) Note: if cvss scores are "Unavailable" it is most likely due to the vulnerability being GHSA or BDSA without a matching CVE for nvd lookup. Product Version Release Advisory Product Release Isolation Segmentation for VMware Tanzu Platform 10.3.4 Product Release Notes: https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-pla tform-for-cloud-foundry/10-2/tpcf/segment-rn.html Security Fixes: This release has the following security fixes, listed by component. Component Vulnerabilities Resolved cf-networking CVE-2025-61729 (High) CVE-2025-67499 - GHSA-jv3w-x3r3-g6rm (Medium) CVE-2025-61727 (Medium) garden-runc CVE-2025-52881 - GHSA-cgrx-mc8f-2prm (High) CVE-2025-61729 (High) CVE-2025-67499 - GHSA-jv3w-x3r3-g6rm (Medium) CVE-2025-61727 (Medium) loggregator-agent No known CVE - GHSA-vrw8-fxc6-2r93 (Medium) nfs-volume CVE-2025-61729 (High) CVE-2025-61727 (Medium) silk CVE-2025-61729 (High) CVE-2025-67499 - GHSA-jv3w-x3r3-g6rm (Medium) CVE-2025-61727 (Medium) smb-volume CVE-2025-61729 (High) CVE-2025-61727 (Medium) smoke-tests CVE-2025-6442 - GHSA-r995-q44h-hr64 (Medium) CVE-2024-21510 - GHSA-hxx2-7vcw-mqr3 (Medium) CVE-2025-61921 - GHSA-mr3q-g2mv-mr4q (Low) syslog CVE-2025-61729 (High) CVE-2025-58187 (High) CVE-2025-61727 (Medium) ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================