Product Release Advisory - VMware Tanzu GemFire Session Management 1.1.1

Product/Component

VMware Tanzu Data Intelligence

3 more products

Notification Id

37261

Last Updated

20 March 2026

Initial Publication Date

20 March 2026

Status

CLOSED

Severity

CRITICAL

CVSS Base Score

9.6

WorkAround

Affected CVE

Security Advisory

Advisory ID:	TNZ-2026-0243
Severity:	Critical
Issue Date:	2026-03-19
Updated on:
Synopsis	Bumped multiple dependencies which resulted in at least eighteen CVEs remediated in this release

Product Version Release Advisory

VMware Tanzu GemFire Session Management 1.1.1
https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire-session-management/1-1/gf-sm/release_notes.html

Security Fixes

This release has the following security fixes, listed by component and area.

Component

Vulnerabilities Resolved

Apache Tomcat 9
Apache Tomcat 10.1
Apache Tomcat 11

CVE-2025-31651 (critical)

CVE-2025-31650 (high)

CVE-2025-46701 (high)

CVE-2025-55668 (medium)

CVE-2025-49125 (high)

CVE-2025-49124 (high)

CVE-2025-48988 (high)

CVE-2025-48976 (high)

CVE-2025-52434 (high)

CVE-2025-52520 (high)

CVE-2025-53506 (high)

CVE-2025-48989 (high)

CVE-2025-55754 (critical)

CVE-2025-55752 (high)

CVE-2025-61795 (medium)

CVE-2026-24733 (medium)

CVE-2025-66614 (critical)

CVE-2026-24734 (high)

History

2026-03-19: Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security