Purestorage
Products (5)
- 16 CVEs
- 9 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs (25)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-3057 | | Critical | 0.64 | 9.8 | 0.00 | | Oct 8, 2024 | A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. |
| CVE-2023-4976 | | Critical | 0.60 | — | 0.00 | | Jul 17, 2024 | A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array. |
| CVE-2026-6445 | | High | 0.57 | — | 0.00 | | Jun 9, 2026 | A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges. |
| CVE-2025-0051 | | High | 0.57 | — | 0.00 | | Jun 10, 2025 | Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service. |
| CVE-2026-6444 | | High | 0.56 | — | 0.00 | | Jun 9, 2026 | A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges. |
| CVE-2025-1308 | | High | 0.55 | — | 0.00 | | May 19, 2025 | A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions. |
| CVE-2025-0052 | | High | 0.54 | — | 0.00 | | Jun 10, 2025 | Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service. |
| CVE-2026-0209 | | Medium | 0.45 | — | 0.00 | | Apr 14, 2026 | Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured. |
| CVE-2017-7352 | | Medium | 0.35 | 5.4 | 0.01 | | Oct 11, 2017 | Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen. |
| CVE-2025-2327 | | Medium | 0.33 | — | 0.00 | | Jun 16, 2025 | A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured. |
| CVE-2025-9127 | | | 0.00 | — | 0.00 | | Dec 4, 2025 | A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions. |
| CVE-2024-0005 | | | 0.00 | — | 0.01 | | Sep 23, 2024 | A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. |
| CVE-2024-0004 | | | 0.00 | — | 0.01 | | Sep 23, 2024 | A condition exists in FlashArray Purity whereby a user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. |
| CVE-2024-0003 | | | 0.00 | — | 0.00 | | Sep 23, 2024 | A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. |
| CVE-2024-0002 | | | 0.00 | — | 0.01 | | Sep 23, 2024 | A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. |
| CVE-2024-0001 | | | 0.00 | — | 0.01 | | Sep 23, 2024 | A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. |
| CVE-2023-36628 | | | 0.00 | — | 0.00 | | Oct 2, 2023 | A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. |
| CVE-2023-32572 | | | 0.00 | — | 0.00 | | Oct 2, 2023 | A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. |
| CVE-2023-28373 | | | 0.00 | — | 0.00 | | Oct 2, 2023 | A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. |
| CVE-2023-36627 | | | 0.00 | — | 0.00 | | Oct 2, 2023 | A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. |