Vulnerabilities > Purestorage > Purity FA > 6.1.12

DATE CVE VULNERABILITY TITLE RISK
2024-09-23 CVE-2024-0002 Unspecified vulnerability in Purestorage Purity//FA
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
Attack vector: network | Attack complexity: low | Vendor: purestorage | Risk: critical 9.8
2024-09-23 CVE-2024-0003 Unspecified vulnerability in Purestorage Purity//FA
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
Attack vector: network | Attack complexity: low | Vendor: purestorage | Risk: 7.2
2024-09-23 CVE-2024-0004 Code Injection vulnerability in Purestorage Purity//FA
A condition exists in FlashArray Purity whereby a user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
Attack vector: network | Attack complexity: low | Vendor: purestorage | CWE-94 | Risk: 7.2
2024-09-23 CVE-2024-0005 Command Injection vulnerability in Purestorage Purity//FA
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
Attack vector: network | Attack complexity: low | Vendor: purestorage | CWE-77 | Risk: 8.8
2023-10-03 CVE-2023-28373 Unspecified vulnerability in Purestorage Purity//FA
A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
Attack vector: network | Attack complexity: low | Vendor: purestorage | Risk: 2.7
2023-10-03 CVE-2023-36628 Unspecified vulnerability in Purestorage Purity//FA
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
Attack vector: network | Attack complexity: low | Vendor: purestorage | Risk: 8.8
2022-06-23 CVE-2022-32552 Unspecified vulnerability in Purestorage Purity//FA
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges.
Attack vector: network | Attack complexity: low | Vendor: purestorage | Risk: 8.8
2022-06-23 CVE-2022-32553 Unspecified vulnerability in Purestorage Purity//FA
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges.
Attack vector: network | Attack complexity: low | Vendor: purestorage | Risk: 8.8
2022-06-23 CVE-2022-32554 Unspecified vulnerability in Purestorage Purity//FA
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface.
Attack vector: network | Attack complexity: low | Vendor: purestorage | Risk: critical 9.8