Purestorage: >> Purity//fa >> 6.3.6 Security Vulnerabilities
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
CVSS Score
9.1
EPSS Score
0.002
Published
2024-09-23
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
CVSS Score
10.0
EPSS Score
0.004
Published
2024-09-23
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
CVSS Score
10.0
EPSS Score
0.002
Published
2024-09-23
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
CVSS Score
9.1
EPSS Score
0.001
Published
2024-09-23
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
CVSS Score
9.1
EPSS Score
0.002
Published
2024-09-23
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-10-03
A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-10-03
A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-10-03