Vulnerabilities > Purestorage > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-23 | CVE-2024-0001 | Insecure Default Initialization of Resource vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | 9.8 |
| 2024-09-23 | CVE-2024-0002 | Unspecified vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | 9.8 |
| 2022-07-11 | CVE-2022-31524 | Path Traversal vulnerability in Purestorage Pure Swagger The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
| 2022-06-23 | CVE-2022-32554 | Unspecified vulnerability in Purestorage Purity//Fa Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. | 9.8 |