VYPR

FlashArray

by Purestorage

CVEs (16)

  • CVE-2024-0002CriSep 23, 2024
    risk 0.65cvss 10.0epss 0.01

    A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.

  • CVE-2024-0001CriSep 23, 2024
    risk 0.65cvss 10.0epss 0.01

    A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.

  • CVE-2024-3057CriOct 8, 2024
    risk 0.64cvss 9.8epss 0.00

    A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.

  • CVE-2022-32554CriJun 23, 2022
    risk 0.64cvss 9.8epss 0.01

    Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB…

  • CVE-2024-0005CriSep 23, 2024
    risk 0.59cvss 9.1epss 0.01

    A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.

  • CVE-2024-0004CriSep 23, 2024
    risk 0.59cvss 9.1epss 0.01

    A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.

  • CVE-2024-0003CriSep 23, 2024
    risk 0.59cvss 9.1epss 0.00

    A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.

  • CVE-2026-6445HigJun 9, 2026
    risk 0.57cvss epss 0.00

    A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges.

  • CVE-2025-0051HigJun 10, 2025
    risk 0.57cvss epss 0.00

    Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.

  • CVE-2023-36628HigOct 3, 2023
    risk 0.57cvss 8.8epss 0.00

    A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.

  • CVE-2022-32553HigJun 23, 2022
    risk 0.57cvss 8.8epss 0.01

    Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB…

  • CVE-2022-32552HigJun 23, 2022
    risk 0.57cvss 8.8epss 0.01

    Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB…

  • CVE-2026-6444HigJun 9, 2026
    risk 0.56cvss epss 0.00

    A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges.

  • CVE-2023-32572MedOct 3, 2023
    risk 0.42cvss 6.5epss 0.00

    A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.

  • CVE-2025-2327MedJun 16, 2025
    risk 0.33cvss epss 0.00

    A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.

  • CVE-2023-28373MedOct 3, 2023
    risk 0.29cvss 4.4epss 0.00

    A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.