SB2025030402 - VMware Tanzu Greenplum update for third-party components
Published: March 4, 2025
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Improper Privilege Management (CVE-ID: CVE-2024-0985)
The vulnerability allows a remote user to escalate privileges within the database.
The vulnerability exists due to late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY. A remote user who is an object creator can execute arbitrary SQL functions as the command issuer.
2) Use of Potentially Dangerous Function (CVE-ID: CVE-2023-7101)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation when parsing Excel files. A remote attacker can pass a specially crafted file to the application and execute arbitrary code on the system.
Remediation
Install update from vendor's website.
References
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25466
- https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-greenplum/7/greenplum-database/relnotes-release-notes.html