Purestorage

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-9127 1Purestorage 1Portworx Feb 3, 2026 Dec 4, 2025 8.4 HIGH· v4 5.5 MEDIUM· v3 N/A· v2 A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions.
CVE-2024-0005 1Purestorage 2Purity//fa Purity//fb Sep 27, 2024 Sep 23, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
CVE-2024-0004 1Purestorage 1Purity//fa Sep 27, 2024 Sep 23, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
CVE-2024-0003 1Purestorage 1Purity//fa Sep 27, 2024 Sep 23, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
CVE-2024-0002 1Purestorage 1Purity//fa Sep 27, 2024 Sep 23, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
CVE-2024-0001 1Purestorage 1Purity//fa Sep 27, 2024 Sep 23, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
CVE-2023-36628 1Purestorage 1Purity//fa Nov 21, 2024 Oct 3, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
CVE-2023-32572 1Purestorage 1Purity//fa Nov 21, 2024 Oct 3, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.
CVE-2023-28373 1Purestorage 1Purity//fa Nov 21, 2024 Oct 3, 2023 N/A· v4 2.7 LOW· v3 N/A· v2 A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
CVE-2023-36627 1Purestorage 1Purity Nov 21, 2024 Oct 2, 2023 N/A· v4 2.7 LOW· v3 N/A· v2 A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule fr...Show more A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. Show less
CVE-2023-31042 1Purestorage 1Purity Nov 21, 2024 Oct 2, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.
CVE-2023-28372 1Purestorage 1Purity Nov 21, 2024 Oct 2, 2023 N/A· v4 2.7 LOW· v3 N/A· v2 A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
CVE-2022-31524 1Purestorage 1Pure Swagger Nov 21, 2024 Jul 11, 2022 N/A· v4 9.3 CRITICAL· v3 6.4 MEDIUM· v2 The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVE-2022-32554 1Purestorage 2Purity//fa Purity//fb Nov 21, 2024 Jun 23, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0...Show more Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.Show less
CVE-2022-32553 1Purestorage 2Purity//fa Purity//fb Nov 21, 2024 Jun 23, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0...Show more Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.Show less
CVE-2022-32552 1Purestorage 2Purity//fa Purity//fb Nov 21, 2024 Jun 23, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0...Show more Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.Show less
CVE-2017-7352 1Purestorage 1Purity May 13, 2026 Oct 11, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add S...Show more Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen.Show less