Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2026/VULN431 _____________________________________________________________________ DATE : 27/04/2026 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running VMware Tanzu Greenplum Platform Extension Framework versions prior to 8.0.0. ===================================================================== https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405 _____________________________________________________________________ VMware Tanzu Greenplum Platform Extension Framework 8.0.0 Product/Component VMware Tanzu Data Intelligence VMware Tanzu Data Suite VMware Tanzu Greenplum Notification Id 37405 Last Updated 24 April 2026 Initial Publication Date 24 April 2026 Status CLOSED Severity CRITICAL CVSS Base Score 9.8 WorkAround Affected CVE Security Advisory Advisory ID: TNZ-2026-0259 Severity: Critical Issue Date: 2026-04-24 Updated on: Synopsis Fixed 105 CVEs related to Spring Framework/Boot dependencies, Tomcat dependencies, Hadoop and Hive dependencies, Parquet and ORC dependencies, Golang dependencies, PostgreSQL JDBC Driver dependencies, AWS SDK for Java dependencies and some other dependencies. Product Version Release Advisory Tanzu Greenplum Platform Extension Framework 8.0.0 https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-greenplum-platform-extension-framework/8-0/gp-pxf/cve-pxf.html Security Fixes This release has the following security fixes, listed by component and area. Component Vulnerabilities Resolved Tanzu Greenplum Platform Extension Framework CVE‑2019‑14892 CVE‑2018‑5968 CVE‑2025‑24970 CVE‑2019‑20330 CVE‑2018‑14719 CVE‑2019‑17531 CVE‑2024‑23454 CVE‑2022‑1471 CVE‑2020‑24750 CVE‑2020‑11619 CVE‑2024‑26308 CVE‑2020‑14060 CVE‑2023‑2976 CVE‑2016‑1000027 CVE‑2025‑52999 CVE‑2020‑24616 CVE‑2022‑42004 CVE‑2020‑36186 CVE‑2020‑35728 CVE‑2020‑10650 CVE‑2020‑36179 CVE‑2025‑25193 CVE‑2019‑14379 CVE‑2020‑8908 CVE‑2020‑36184 CVE‑2025‑59419 CVE‑2020‑36181 CVE‑2020‑36187 CVE‑2020‑14195 CVE‑2018‑7489 CVE‑2020‑36183 CVE‑2019‑16942 CVE‑2018‑11307 CVE‑2019‑12814 CVE‑2022‑42003 CVE‑2025‑67721 CVE‑2019‑14439 CVE‑2019‑17267 CVE‑2025‑68161 CVE‑2019‑16335 CVE‑2020‑36189 CVE‑2022‑38751 CVE‑2017‑17485 CVE‑2022‑38749 CVE‑2020‑11620 CVE‑2020‑10969 CVE‑2020‑11111 CVE‑2017‑7525 CVE‑2020‑10672 CVE‑2025‑67735 CVE‑2022‑38752 CVE‑2025‑58056 CVE‑2022‑38750 CVE‑2024‑29131 CVE‑2022‑3509 CVE‑2019‑12384 CVE‑2022‑3510 CVE‑2022‑41854 CVE‑2020‑36180 CVE‑2020‑36518 CVE‑2020‑14061 CVE‑2017‑15095 CVE‑2020‑9546 CVE‑2022‑25857 CVE‑2020‑36182 CVE‑2020‑14062 CVE‑2020‑9547 CVE‑2020‑11112 CVE‑2020‑10968 CVE‑2024‑29133 CVE‑2024‑47554 CVE‑2019‑12086 CVE‑2018‑14718 CVE‑2018‑19362 CVE‑2018‑1320 CVE‑2021‑22573 CVE‑2025‑49128 CVE‑2020‑36185 CVE‑2024‑36114 CVE‑2020‑8840 CVE‑2024‑25710 CVE‑2019‑14540 CVE‑2025‑55163 CVE‑2020‑36188 CVE‑2020‑35491 CVE‑2020‑9548 CVE‑2019‑16943 CVE‑2018‑12022 CVE‑2020‑10673 CVE‑2020‑25649 CVE‑2020‑11113 CVE‑2025‑58057 CVE‑2021‑20190 CVE‑2025‑33042 CVE‑2020‑35490 CVE‑2021‑22569 CVE‑2022‑3171 CVE‑2024‑7254 CVE‑2026‑32280 CVE‑2026‑34483 CVE‑2026‑34486 CVE‑2026‑34487 CVE‑2026‑34500 CVE‑2026‑34480 CVE‑2026‑33816 History 2026-04-24: Initial vulnerability report published. Contact E-mail: tanzu.psirt@broadcom.com VMware Tanzu Security Advisories https://tanzu.vmware.com/security ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================