
    12 vulnerabilities by Pure Storage

    CVE-2025-9127 (GCVE-0-2025-9127)

    Vulnerability from cvelistv5 – Published: 2025-12-04 17:59 – Updated: 2025-12-04 20:00
    VLAI
    Title
    PX Enterprise Improper Sanitization Vulnerability
    Summary
    A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    Impacted products
    Vendor Product Version
    Pure Storage PX Enterprise Affected: 3.3.0, 3.3.1, 3.3.1.1, 3.3.1.2 (custom)
    Affected: 3.2.0, 3.2.1, 3.2.2, 3.2.3 (custom)
    Affected: 3.1.1 , ≤ 3.1.8 (custom)
    Affected: 2.13.12 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9127",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-04T18:55:05.404762Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-04T20:00:49.889Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PX Enterprise",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.3.0, 3.3.1, 3.3.1.1, 3.3.1.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "3.2.0, 3.2.1, 3.2.2, 3.2.3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.1.8",
                  "status": "affected",
                  "version": "3.1.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "2.13.12",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-268",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-268 Audit Log Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116 Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-04T17:59:39.985Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/category/m_pure_storage_product_security"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis issue is resolved in the following PX Enterprise releases:\u003c/p\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003ePortworx Enterprise 3.1.9 or later\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003ePortworx Enterprise 3.2.4 or later\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003ePortworx Enterprise 3.3.1.3 or later\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved in the following PX Enterprise releases:\n\n  *  Portworx Enterprise 3.1.9 or later\n\n\n  *  Portworx Enterprise 3.2.4 or later\n\n\n  *  Portworx Enterprise 3.3.1.3 or later"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "PX Enterprise Improper Sanitization Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2025-9127",
        "datePublished": "2025-12-04T17:59:39.985Z",
        "dateReserved": "2025-08-18T19:54:46.984Z",
        "dateUpdated": "2025-12-04T20:00:49.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2327 (GCVE-0-2025-2327)

    Vulnerability from cvelistv5 – Published: 2025-06-16 16:23 – Updated: 2025-06-16 16:36
    VLAI
    Title
    FlashArray KEK Logging Vulnerability
    Summary
    A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Pure Storage FlashArray Affected: 6.0.0 , ≤ 6.0.9 (cpe)
    Affected: 6.1.0 , ≤ 6.1.25 (cpe)
    Affected: 6.2.0 , ≤ 6.2.17 (cpe)
    Affected: 6.3.0 , ≤ 6.3.21 (cpe)
    Affected: 6.4.0 , ≤ 6.4.10 (cpe)
    Affected: 6.5.0 , ≤ 6.5.10 (cpe)
    Affected: 6.6.0 , ≤ 6.6.11 (cpe)
    Affected: 6.7.0 , ≤ 6.7.3 (cpe)
    Affected: 6.8.0 , ≤ 6.8.5 (cpe)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2327",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T16:36:21.699210Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T16:36:57.499Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Purity"
              ],
              "product": "FlashArray",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.9",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "cpe"
                },
                {
                  "lessThanOrEqual": "6.1.25",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "cpe"
                },
                {
                  "lessThanOrEqual": "6.2.17",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "cpe"
                },
                {
                  "lessThanOrEqual": "6.3.21",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "cpe"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "cpe"
                },
                {
                  "lessThanOrEqual": "6.5.10",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "cpe"
                },
                {
                  "lessThanOrEqual": "6.6.11",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "cpe"
                },
                {
                  "lessThanOrEqual": "6.7.3",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "cpe"
                },
                {
                  "lessThanOrEqual": "6.8.5",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "cpe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-268",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-268 Audit Log Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-16T16:23:35.481Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/category/m_pure_storage_product_security"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis issue is resolved in the following FlashArray Purity (OE) versions\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003ePurity//FA 6.5.11\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003ePurity//FA 6.7.4\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003ePurity//FA 6.8.6\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved in the following FlashArray Purity (OE) versions\n\n  *  Purity//FA 6.5.11\n\n\n  *  Purity//FA 6.7.4\n\n\n  *  Purity//FA 6.8.6"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "FlashArray KEK Logging Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2025-2327",
        "datePublished": "2025-06-16T16:23:35.481Z",
        "dateReserved": "2025-03-14T19:17:19.643Z",
        "dateUpdated": "2025-06-16T16:36:57.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0052 (GCVE-0-2025-0052)

    Vulnerability from cvelistv5 – Published: 2025-06-10 17:39 – Updated: 2025-06-11 14:41
    VLAI
    Title
    FlashBlade DOS Vulnerability
    Summary
    Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Pure Storage FlashBlade Affected: 3.3.0 , ≤ 3.3.11 (cpe)
    Affected: 4.0.0 , ≤ 4.0.6 (cpe)
    Affected: 4.1.0 , ≤ 4.1.20 (cpe)
    Affected: 4.2.0 , ≤ 4.2.3 (cpe)
    Affected: 4.3.0 , ≤ 4.3.12 (cpe)
    Affected: 4.4.0 , ≤ 4.4.6 (cpe)
    Affected: 4.5.0 , ≤ 4.5.2 (cpe)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T14:40:55.280101Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T14:41:02.200Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Purity"
              ],
              "product": "FlashBlade",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "security-patch-fb-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "3.3.11",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fb-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "4.0.6",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fb-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "4.1.20",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fb-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "4.2.3",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fb-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "4.3.12",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fb-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "4.4.6",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fb-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "4.5.2",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "cpe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.\u003c/p\u003e"
                }
              ],
              "value": "Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T17:39:21.299Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCVE-2025-0052 is resolved in the following FlashBlade //Purity versions:\u003c/span\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003ePurity//FB 4.3.13 or later\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003ePurity//FB 4.4.7 or later\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003ePurity//FB 4.5.3 or later\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003ci\u003e\u003c/i\u003eor\u003cbr\u003e\u003cbr\u003eapply \u003cb\u003esecurity-patch-fb-2025-A\u003c/b\u003e"
                }
              ],
              "value": "CVE-2025-0052 is resolved in the following FlashBlade //Purity versions:  *  Purity//FB 4.3.13 or later\n\n\n\n\n  *  Purity//FB 4.4.7 or later\n\n\n\n\n  *  Purity//FB 4.5.3 or later\n\n\n\n\nor\n\napply security-patch-fb-2025-A"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FlashBlade DOS Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2025-0052",
        "datePublished": "2025-06-10T17:39:21.299Z",
        "dateReserved": "2024-12-04T17:42:04.001Z",
        "dateUpdated": "2025-06-11T14:41:02.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0051 (GCVE-0-2025-0051)

    Vulnerability from cvelistv5 – Published: 2025-06-10 17:29 – Updated: 2025-06-11 14:42
    VLAI
    Title
    FlashArray DOS Vulnerability
    Summary
    Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Pure Storage FlashArray Affected: 5.0.0 , ≤ 5.0.11 (cpe)
    Affected: 5.1.1 , ≤ 5.1.17 (cpe)
    Affected: 5.2.0 , ≤ 5.2.7 (cpe)
    Affected: 5.3.0 , ≤ 5.3.21 (cpe)
    Affected: 6.0.0 , ≤ 6.0.9 (cpe)
    Affected: 6.1.0 , ≤ 6.1.25 (cpe)
    Affected: 6.2.0 , ≤ 6.2.17 (cpe)
    Affected: 6.3.0 , ≤ 6.3.20 (cpe)
    Affected: 6.4.0 , ≤ 6.4.10 (cpe)
    Affected: 6.5.0 , ≤ 6.5.9 (cpe)
    Affected: 6.6.0 , ≤ 6.6.11 (cpe)
    Affected: 6.7.0 , ≤ 6.7.1 (cpe)
    Affected: 6.8.0 , ≤ 6.8.2 (cpe)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0051",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T14:42:26.505856Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T14:42:30.846Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Purity"
              ],
              "product": "FlashArray",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "security-patch-fa-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "5.0.11",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fa-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "5.1.17",
                  "status": "affected",
                  "version": "5.1.1",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fa-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "5.2.7",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fa-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "5.3.21",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fa-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.0.9",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fa-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.1.25",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fa-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.2.17",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fa-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.3.20",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fa-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fa-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.5.9",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fa-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.6.11",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fa-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.7.1",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "cpe"
                },
                {
                  "changes": [
                    {
                      "at": "security-patch-fa-2025-A",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.8.2",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "cpe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.\u003c/p\u003e"
                }
              ],
              "value": "Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T17:29:43.451Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCVE-2025-0051 is resolved in the following FlashArray //Purity versions:\u003c/span\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003ePurity//FA 6.5.10 or later\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003ePurity//FA 6.7.2 or later\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003ePurity//FA 6.8.3 or later\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eor \u003cbr\u003e\u003cbr\u003eapply \u003cb\u003esecurity-patch-fa-2025-A\u003c/b\u003e"
                }
              ],
              "value": "CVE-2025-0051 is resolved in the following FlashArray //Purity versions:  *  Purity//FA 6.5.10 or later\n\n\n  *  Purity//FA 6.7.2 or later\n\n\n  *  Purity//FA 6.8.3 or later\n\n\n\n\n\nor \n\napply security-patch-fa-2025-A"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "FlashArray DOS Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2025-0051",
        "datePublished": "2025-06-10T17:29:43.451Z",
        "dateReserved": "2024-12-04T17:41:50.416Z",
        "dateUpdated": "2025-06-11T14:42:30.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1308 (GCVE-0-2025-1308)

    Vulnerability from cvelistv5 – Published: 2025-05-19 21:18 – Updated: 2025-05-20 14:19
    VLAI
    Title
    PX Backup Improper Sanitization Vulnerability
    Summary
    A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    References
    Impacted products
    Vendor Product Version
    Pure Storage PX Backup Affected: 1.0.0 , ≤ 2.6.0 (custom)
    Affected: 2.7.0 , ≤ 2.7.3 (custom)
    Affected: 2.8.0 , ≤ 2.8.1 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1308",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T14:19:07.947427Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T14:19:51.463Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PX Backup",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.7.3",
                  "status": "affected",
                  "version": "2.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.8.1",
                  "status": "affected",
                  "version": "2.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-268",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-268 Audit Log Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116 Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-19T21:18:33.263Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/Pure_Security"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis issue is resolved in the following PX Backup releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003ePX Backup 2.6.1 or later\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003ePX Backup 2.7.4 or later\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003ePX Backup 2.8.2 or later\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "This issue is resolved in the following PX Backup releases:\n\n  *  PX Backup 2.6.1 or later\n\n\n  *  PX Backup 2.7.4 or later\n\n\n  *  PX Backup 2.8.2 or later"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "PX Backup Improper Sanitization Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2025-1308",
        "datePublished": "2025-05-19T21:18:33.263Z",
        "dateReserved": "2025-02-14T19:10:44.835Z",
        "dateUpdated": "2025-05-20T14:19:51.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0001 (GCVE-0-2024-0001)

    Vulnerability from cvelistv5 – Published: 2024-09-23 17:25 – Updated: 2024-09-23 17:57
    VLAI
    Summary
    A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Insecure Default Initialization of Resource
    Assigner
    References
    URL Tags
    https://purestorage.com/security vendor-advisory
    Impacted products
    Vendor Product Version
    Pure Storage FlashArray Affected: 6.3.0 , ≤ 6.3.14 (custom)
    Affected: 6.4.0 , ≤ 6.4.10 (custom)
    purestorage flasharray Affected: 6.3.0 , ≤ 6.3.14 (custom)
        cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*
    purestorage flasharray Affected: 6.4.0 , ≤ 6.4.10 (custom)
        cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flasharray",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "6.3.14",
                    "status": "affected",
                    "version": "6.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flasharray",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.10",
                    "status": "affected",
                    "version": "6.4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0001",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T17:51:47.992533Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T17:57:24.819Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Purity"
              ],
              "product": "FlashArray",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "lessThanOrEqual": "6.3.14",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "CWE-1188 Insecure Default Initialization of Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-23T17:34:40.076Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://purestorage.com/security"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAffected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\u003cbr\u003e\n\u003cbr\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashArray Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.3.15 or later\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.5.1 or later\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.6.1 or later.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
                }
              ],
              "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity  releases:\n\n  *  Purity//FA versions 6.3.15 or later\u00a0\n  *  Purity//FA versions 6.5.1 or later\u00a0\n  *  Purity//FA versions 6.6.1 or later."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2024-0001",
        "datePublished": "2024-09-23T17:25:00.509Z",
        "dateReserved": "2023-11-01T17:08:46.055Z",
        "dateUpdated": "2024-09-23T17:57:24.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36628 (GCVE-0-2023-36628)

    Vulnerability from cvelistv5 – Published: 2023-10-02 23:15 – Updated: 2024-09-23 13:35
    VLAI
    Title
    Privilege Escalation in VASA
    Summary
    A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Pure Storage FlashArray Purity Affected: 6.1.*
    Affected: 6.2.*
    Affected: 6.3.0 , ≤ 6.3.11 (custom)
    Affected: 6.4.0 , ≤ 6.4.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:54.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_Privilege_Escalation_in_VASA_CVE-2023-36628"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36628",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T13:35:38.192072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T13:35:46.180Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "VMware vSphere VASA Service"
              ],
              "product": "FlashArray Purity",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.*"
                },
                {
                  "status": "affected",
                  "version": "6.2.*"
                },
                {
                  "lessThanOrEqual": "6.3.11",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-02T23:15:28.716Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_Privilege_Escalation_in_VASA_CVE-2023-36628"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashArray Purity (OE) versions 6.3.12 and later, 6.4.6 and later.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved in FlashArray Purity (OE) versions 6.3.12 and later, 6.4.6 and later.\u00a0\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Privilege Escalation in VASA",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2023-36628",
        "datePublished": "2023-10-02T23:15:28.716Z",
        "dateReserved": "2023-06-25T15:05:39.900Z",
        "dateUpdated": "2024-09-23T13:35:46.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32572 (GCVE-0-2023-32572)

    Vulnerability from cvelistv5 – Published: 2023-10-02 23:09 – Updated: 2024-09-23 13:39
    VLAI
    Title
    FlashArray pgroup Retention Lock SafeMode Protection
    Summary
    A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Pure Storage FlashArray Purity Affected: 6.3.0 , ≤ 6.3.7 (custom)
    Affected: 6.4.0 , ≤ 6.4.1 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.636Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_-_FlashArray_pgroup_Retention_Lock_SafeMode_Protection_CVE-2023-32572"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32572",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T13:38:39.550387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T13:39:45.764Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "pgroup SafeMode"
              ],
              "product": "FlashArray Purity",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "lessThanOrEqual": "6.3.7",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.4.1",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.  \u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.  \n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-02T23:09:04.606Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_-_FlashArray_pgroup_Retention_Lock_SafeMode_Protection_CVE-2023-32572"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashArray Purity (OE) versions 6.3.8 and later, 6.4.3 and later.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved in FlashArray Purity (OE) versions 6.3.8 and later, 6.4.3 and later.\u00a0\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "FlashArray pgroup Retention Lock SafeMode Protection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2023-32572",
        "datePublished": "2023-10-02T23:09:04.606Z",
        "dateReserved": "2023-05-10T05:04:37.537Z",
        "dateUpdated": "2024-09-23T13:39:45.764Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28373 (GCVE-0-2023-28373)

    Vulnerability from cvelistv5 – Published: 2023-10-02 23:02 – Updated: 2024-09-23 13:43
    VLAI
    Title
    FlashArray SafeMode Immutable Vulnerability
    Summary
    A flaw exists in FlashArray Purity whereby an array administrator, by configuring an external key manager, can affect the availability of data on the system, including snapshots protected by SafeMode.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Pure Storage FlashArray Purity Affected: 6.1.0 , ≤ 6.1.22 (custom)
    Affected: 6.2.0 , ≤ 6.2.15 (custom)
    Affected: 6.3.0 , ≤ 6.3.6 (custom)
    Affected: 6.4.0
    Credits
    Mountain America Credit Union (MACU)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:38:24.928Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28373",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T13:43:15.300807Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T13:43:23.214Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "SafeMode"
              ],
              "product": "FlashArray Purity",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.22",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.2.15",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.3.6",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mountain America Credit Union (MACU) "
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-02T23:02:31.591Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7 or later, 6.4.1 or later\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved in FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7 or later, 6.4.1 or later\n"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "FlashArray SafeMode Immutable Vulnerability ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2023-28373",
        "datePublished": "2023-10-02T23:02:31.591Z",
        "dateReserved": "2023-03-15T04:06:47.635Z",
        "dateUpdated": "2024-09-23T13:43:23.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36627 (GCVE-0-2023-36627)

    Vulnerability from cvelistv5 – Published: 2023-10-02 22:47 – Updated: 2024-09-23 13:44
    VLAI
    Title
    FlashBlade Snapshot Scheduler
    Summary
    A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Pure Storage FlashBlade Purity Affected: 0 , ≤ 3.3.7 (custom)
    Affected: 4.0.0 , ≤ 4.0.5 (custom)
    Affected: 4.1.0 , ≤ 4.1.2 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:53.987Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36627",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T13:44:24.331319Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T13:44:34.694Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FlashBlade Purity",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.0.5",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.1.2",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-02T22:48:34.766Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "FlashBlade Snapshot Scheduler",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2023-36627",
        "datePublished": "2023-10-02T22:47:12.443Z",
        "dateReserved": "2023-06-25T15:05:39.900Z",
        "dateUpdated": "2024-09-23T13:44:34.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31042 (GCVE-0-2023-31042)

    Vulnerability from cvelistv5 – Published: 2023-10-02 22:39 – Updated: 2024-09-23 13:48
    VLAI
    Title
    FlashBlade Object Store Protocol
    Summary
    A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Pure Storage FlashBlade Purity Affected: 3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T13:48:23.809519Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T13:48:31.513Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Replication",
                "Snapshot Availability"
              ],
              "product": "FlashBlade Purity",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-02T22:39:02.597Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "FlashBlade Object Store Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2023-31042",
        "datePublished": "2023-10-02T22:39:02.597Z",
        "dateReserved": "2023-04-23T18:57:20.519Z",
        "dateUpdated": "2024-09-23T13:48:31.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28372 (GCVE-0-2023-28372)

    Vulnerability from cvelistv5 – Published: 2023-10-02 22:20 – Updated: 2024-09-20 14:50
    VLAI
    Title
    FlashBlade Object Store Privileged Access
    Summary
    A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:38:24.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-20T14:50:35.903525Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-20T14:50:53.883Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FlashBlade",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can  affect the availability of the object lock.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can  affect the availability of the object lock.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-02T22:20:21.550Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "FlashBlade Object Store Privileged Access",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2023-28372",
        "datePublished": "2023-10-02T22:20:21.550Z",
        "dateReserved": "2023-03-15T04:06:47.634Z",
        "dateUpdated": "2024-09-20T14:50:53.883Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }