Product Release Advisory - VMware Tanzu GemFire Vector Database 1.2.1

Product/Component

VMware Tanzu Data Intelligence

3 more products

Notification Id

37260

Last Updated

20 March 2026

Initial Publication Date

20 March 2026

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

WorkAround

Affected CVE

Security Advisory

Advisory ID:	TNZ-2026-0244
Severity:	Medium
Issue Date:	2026-03-19
Updated on:
Synopsis	Bumped multiple dependencies which resulted in at least six CVEs remediated in this release

Product Version Release Advisory

VMware Tanzu GemFire Vector Database 1.2.1
https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire-vector-database/1-2/gf-vector-db/release_notes.html

Security Fixes

This release has the following security fixes, listed by component and area.

Component	Vulnerabilities Resolved
commons-fileupload	CVE-2025-48976 (medium)
commons-lang3	CVE-2025-48924 (medium)
spring-boot	CVE-2025-22235 (medium) CVE-2024-38807 (medium)
spring-security-core	CVE-2025-22228 (medium)
json-smart	CVE-2024-57699 (medium)

History

2026-03-19: Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security