VYPR
Vendor

Purestorage

Products
5
CVEs
25
Across products
29
Status
Private

Products

5

Recent CVEs

25
View all 25 CVEs →
  • CVE-2024-3057CriOct 8, 2024
    risk 0.64cvss 9.8epss 0.00

    A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.

  • CVE-2023-4976CriJul 17, 2024
    risk 0.60cvss epss 0.00

    A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.

  • CVE-2026-6445HigJun 9, 2026
    risk 0.57cvss epss 0.00

    A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges.

  • CVE-2025-0051HigJun 10, 2025
    risk 0.57cvss epss 0.00

    Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.

  • CVE-2026-6444HigJun 9, 2026
    risk 0.56cvss epss 0.00

    A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges.

  • CVE-2025-1308HigMay 19, 2025
    risk 0.55cvss epss 0.00

    A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.

  • CVE-2025-0052HigJun 10, 2025
    risk 0.54cvss epss 0.00

    Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.

  • CVE-2026-0209MedApr 14, 2026
    risk 0.45cvss epss 0.00

    Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured.

  • CVE-2017-7352MedOct 11, 2017
    risk 0.35cvss 5.4epss 0.01

    Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen.

  • CVE-2025-2327MedJun 16, 2025
    risk 0.33cvss epss 0.00

    A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.

  • CVE-2025-9127Dec 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions.

  • CVE-2024-0005Sep 23, 2024
    risk 0.00cvss epss 0.01

    A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.

  • CVE-2024-0004Sep 23, 2024
    risk 0.00cvss epss 0.01

    A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.

  • CVE-2024-0003Sep 23, 2024
    risk 0.00cvss epss 0.00

    A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.

  • CVE-2024-0002Sep 23, 2024
    risk 0.00cvss epss 0.01

    A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.

  • CVE-2024-0001Sep 23, 2024
    risk 0.00cvss epss 0.01

    A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.

  • CVE-2023-36628Oct 2, 2023
    risk 0.00cvss epss 0.00

    A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.

  • CVE-2023-32572Oct 2, 2023
    risk 0.00cvss epss 0.00

    A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.

  • CVE-2023-28373Oct 2, 2023
    risk 0.00cvss epss 0.00

    A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.

  • CVE-2023-36627Oct 2, 2023
    risk 0.00cvss epss 0.00

    A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.