purestorage 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk cross-site scripting and パス処理の欠陥 などに関し、一部は vendor impact session compromise を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-9127 | A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions. | [email protected] | 8.4 | 0.01% | 2025-12-04 | 2026-02-03 |
| CVE-2024-0005 | A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | [email protected] | 9.1 | 0.36% | 2024-09-23 | 2024-09-27 |
| CVE-2024-0004 | A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. | [email protected] | 9.1 | 0.47% | 2024-09-23 | 2024-09-27 |
| CVE-2024-0003 | A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. | [email protected] | 9.1 | 0.36% | 2024-09-23 | 2024-09-27 |
| CVE-2024-0002 | A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | [email protected] | 10.0 | 0.46% | 2024-09-23 | 2024-09-27 |
| CVE-2024-0001 | A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | [email protected] | 10.0 | 2.20% | 2024-09-23 | 2024-09-27 |
| CVE-2023-36628 | A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. | [email protected] | 8.8 | 0.20% | 2023-10-03 | 2024-11-21 |
| CVE-2023-32572 | A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. | [email protected] | 6.5 | 0.04% | 2023-10-03 | 2024-11-21 |
| CVE-2023-28373 | A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. | [email protected] | 4.4 | 0.04% | 2023-10-03 | 2024-11-21 |
| CVE-2023-36627 | A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. | [email protected] | 7.7 | 0.04% | 2023-10-02 | 2024-11-21 |
| CVE-2023-31042 | A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols. | [email protected] | 7.7 | 0.06% | 2023-10-02 | 2024-11-21 |
| CVE-2023-28372 | A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock. | [email protected] | 6.5 | 0.03% | 2023-10-02 | 2024-11-21 |
| CVE-2022-31524 | The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | [email protected] | 9.3 | 0.41% | 2022-07-11 | 2024-11-21 |
| CVE-2022-32554 | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary | [email protected] | 9.8 | 0.47% | 2022-06-23 | 2024-11-21 |
| CVE-2022-32553 | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure | [email protected] | 8.8 | 0.54% | 2022-06-23 | 2024-11-21 |
| CVE-2022-32552 | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No oth | [email protected] | 8.8 | 0.54% | 2022-06-23 | 2024-11-21 |
| CVE-2017-7352 | Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen. | [email protected] | 5.4 | 0.15% | 2017-10-11 | 2026-05-13 |