Vulnerabilities > Purestorage

DATE CVE VULNERABILITY TITLE RISK
2024-09-23 CVE-2024-0001 Insecure Default Initialization of Resource vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
network
low complexity
purestorage CWE-1188
critical
9.8
2024-09-23 CVE-2024-0002 Unspecified vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
network
low complexity
purestorage
critical
9.8
2024-09-23 CVE-2024-0003 Unspecified vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
network
low complexity
purestorage
7.2
2024-09-23 CVE-2024-0004 Code Injection vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
network
low complexity
purestorage CWE-94
7.2
2024-09-23 CVE-2024-0005 Command Injection vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
network
low complexity
purestorage CWE-77
8.8
2023-10-03 CVE-2023-28373 Unspecified vulnerability in Purestorage Purity//Fa
A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
network
low complexity
purestorage
2.7
2023-10-03 CVE-2023-32572 Unspecified vulnerability in Purestorage Purity//Fa
A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.
network
low complexity
purestorage
4.9
2023-10-03 CVE-2023-36628 Unspecified vulnerability in Purestorage Purity//Fa
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
network
low complexity
purestorage
8.8
2023-10-02 CVE-2023-28372 Unspecified vulnerability in Purestorage Purity
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
network
low complexity
purestorage
2.7
2023-10-02 CVE-2023-31042 Unspecified vulnerability in Purestorage Purity
A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.
network
low complexity
purestorage
4.3