cbcvebase.

Purestorage Purity Fa vulnerabilities

11 known vulnerabilities affecting purestorage/purity_fa.

Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH6MEDIUM1LOW1

Vulnerabilities

Page 1 of 1
CVE-2022-32554P2CRITICALCVSS 9.8fixed in 5.3.18≥ 6.0.0, < 6.0.9+2 more2022-06-23
CVE-2022-32554 [CRITICAL] CVE-2022-32554: Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5. Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s m
nvd
CVE-2024-0002P2CRITICALCVSS 9.8≥ 5.3.17, ≤ 5.3.21≥ 6.0.7, ≤ 6.0.9+5 more2024-09-23
CVE-2024-0002 [CRITICAL] CWE-287 CVE-2024-0002: A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
nvd
CVE-2024-0005P3HIGHCVSS 8.8≥ 5.0.0, ≤ 5.0.11≥ 5.1.0, ≤ 5.1.17+9 more2024-09-23
CVE-2024-0005 [HIGH] CWE-77 CVE-2024-0005: A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitr A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
nvd
CVE-2024-0001P3CRITICALCVSS 9.8≥ 6.3.0, ≤ 6.3.14≥ 6.4.0, ≤ 6.4.102024-09-23
CVE-2024-0001 [CRITICAL] CWE-1188 CVE-2024-0001: A condition exists in FlashArray Purity whereby a local account intended for initial array configura A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
nvd
CVE-2022-32552P3HIGHCVSS 8.8fixed in 5.3.18≥ 6.0.0, < 6.0.9+2 more2022-06-23
CVE-2022-32552 [HIGH] CVE-2022-32552: Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5. Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environm
nvd
CVE-2022-32553P3HIGHCVSS 8.8fixed in 5.3.18≥ 6.0.0, < 6.0.9+2 more2022-06-23
CVE-2022-32553 [HIGH] CVE-2022-32553: Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5. Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment var
nvd
CVE-2023-36628P3HIGHCVSS 8.8≥ 6.1.0, ≤ 6.3.11≥ 6.4.0, ≤ 6.4.52023-10-03
CVE-2023-36628 [HIGH] CWE-269 CVE-2023-36628: A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
nvd
CVE-2024-0004P3HIGHCVSS 7.2≥ 5.0.0, ≤ 5.0.11≥ 5.1.0, ≤ 5.1.17+8 more2024-09-23
CVE-2024-0004 [HIGH] CWE-94 CVE-2024-0004: A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
nvd
CVE-2024-0003P3HIGHCVSS 7.2≥ 5.3.17, ≤ 5.3.21≥ 6.0.7, ≤ 6.0.9+5 more2024-09-23
CVE-2024-0003 [HIGH] CWE-269 CVE-2024-0003: A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative s A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
nvd
CVE-2023-32572P4MEDIUMCVSS 4.9≥ 6.3.0, ≤ 6.3.7≥ 6.4.0, ≤ 6.4.12023-10-03
CVE-2023-32572 [MEDIUM] CWE-284 CVE-2023-32572: A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can a A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.
nvd
CVE-2023-28373P4LOWCVSS 2.7≥ 6.1.0, ≤ 6.1.22≥ 6.2.0, ≤ 6.2.15+2 more2023-10-03
CVE-2023-28373 [LOW] CVE-2023-28373: A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key man A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
nvd
Purestorage Purity Fa vulnerabilities | cvebase