Tranzman
Monthly
Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Build 14614 through TZM_1757588060_SEP2025_FULL.depot web application API endpoints (including Scheduler and Actions pages). [CVSS 7.2 HIGH]
Tranzman versions up to 4.0 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).
Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability. [CVSS 7.2 HIGH]
Tranzman versions up to 4.0 is affected by insufficient verification of data authenticity (CVSS 7.2).
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files. [CVSS 7.2 HIGH]
Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Build 14614 through TZM_1757588060_SEP2025_FULL.depot web application API endpoints (including Scheduler and Actions pages). [CVSS 7.2 HIGH]
Tranzman versions up to 4.0 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).
Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability. [CVSS 7.2 HIGH]
Tranzman versions up to 4.0 is affected by insufficient verification of data authenticity (CVSS 7.2).
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files. [CVSS 7.2 HIGH]