FlashArray
by Purestorage
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-0002 | Cri | 0.65 | 10.0 | 0.01 | Sep 23, 2024 | A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | ||
| CVE-2024-0001 | Cri | 0.65 | 10.0 | 0.01 | Sep 23, 2024 | A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | ||
| CVE-2024-3057 | Cri | 0.64 | 9.8 | 0.00 | Oct 8, 2024 | A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. | ||
| CVE-2022-32554 | Cri | 0.64 | 9.8 | 0.01 | Jun 23, 2022 | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB… | ||
| CVE-2024-0005 | Cri | 0.59 | 9.1 | 0.01 | Sep 23, 2024 | A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | ||
| CVE-2024-0004 | Cri | 0.59 | 9.1 | 0.01 | Sep 23, 2024 | A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. | ||
| CVE-2024-0003 | Cri | 0.59 | 9.1 | 0.00 | Sep 23, 2024 | A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. | ||
| CVE-2026-6445 | Hig | 0.57 | — | 0.00 | Jun 9, 2026 | A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges. | ||
| CVE-2025-0051 | Hig | 0.57 | — | 0.00 | Jun 10, 2025 | Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service. | ||
| CVE-2023-36628 | Hig | 0.57 | 8.8 | 0.00 | Oct 3, 2023 | A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. | ||
| CVE-2022-32553 | Hig | 0.57 | 8.8 | 0.01 | Jun 23, 2022 | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB… | ||
| CVE-2022-32552 | Hig | 0.57 | 8.8 | 0.01 | Jun 23, 2022 | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB… | ||
| CVE-2026-6444 | Hig | 0.56 | — | 0.00 | Jun 9, 2026 | A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges. | ||
| CVE-2023-32572 | Med | 0.42 | 6.5 | 0.00 | Oct 3, 2023 | A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. | ||
| CVE-2025-2327 | Med | 0.33 | — | 0.00 | Jun 16, 2025 | A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured. | ||
| CVE-2023-28373 | Med | 0.29 | 4.4 | 0.00 | Oct 3, 2023 | A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. |
- risk 0.65cvss 10.0epss 0.01
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
- risk 0.65cvss 10.0epss 0.01
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
- risk 0.64cvss 9.8epss 0.00
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.
- risk 0.64cvss 9.8epss 0.01
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB…
- risk 0.59cvss 9.1epss 0.01
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
- risk 0.59cvss 9.1epss 0.01
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
- risk 0.59cvss 9.1epss 0.00
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
- risk 0.57cvss —epss 0.00
A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges.
- risk 0.57cvss —epss 0.00
Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.
- risk 0.57cvss 8.8epss 0.00
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
- risk 0.57cvss 8.8epss 0.01
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB…
- risk 0.57cvss 8.8epss 0.01
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB…
- risk 0.56cvss —epss 0.00
A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges.
- risk 0.42cvss 6.5epss 0.00
A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.
- risk 0.33cvss —epss 0.00
A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.
- risk 0.29cvss 4.4epss 0.00
A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.