FlashArray
by Purestorage
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0051 | Hig | 0.57 | — | 0.00 | Jun 10, 2025 | Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service. | ||
| CVE-2025-2327 | Med | 0.33 | — | 0.00 | Jun 16, 2025 | A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured. | ||
| CVE-2024-0005 | 0.00 | — | 0.00 | Sep 23, 2024 | A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | |||
| CVE-2024-0004 | 0.00 | — | 0.00 | Sep 23, 2024 | A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. | |||
| CVE-2024-0003 | 0.00 | — | 0.00 | Sep 23, 2024 | A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. | |||
| CVE-2024-0002 | 0.00 | — | 0.00 | Sep 23, 2024 | A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | |||
| CVE-2024-0001 | 0.00 | — | 0.02 | Sep 23, 2024 | A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | |||
| CVE-2023-36628 | 0.00 | — | 0.00 | Oct 2, 2023 | A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. | |||
| CVE-2023-32572 | 0.00 | — | 0.00 | Oct 2, 2023 | A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. | |||
| CVE-2023-28373 | 0.00 | — | 0.00 | Oct 2, 2023 | A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. |
- risk 0.57cvss —epss 0.00
Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.
- risk 0.33cvss —epss 0.00
A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.
- CVE-2024-0005Sep 23, 2024risk 0.00cvss —epss 0.00
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
- CVE-2024-0004Sep 23, 2024risk 0.00cvss —epss 0.00
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
- CVE-2024-0003Sep 23, 2024risk 0.00cvss —epss 0.00
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
- CVE-2024-0002Sep 23, 2024risk 0.00cvss —epss 0.00
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
- CVE-2024-0001Sep 23, 2024risk 0.00cvss —epss 0.02
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
- CVE-2023-36628Oct 2, 2023risk 0.00cvss —epss 0.00
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
- CVE-2023-32572Oct 2, 2023risk 0.00cvss —epss 0.00
A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.
- CVE-2023-28373Oct 2, 2023risk 0.00cvss —epss 0.00
A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.