彙總 purestorage 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 跨站腳本與路徑處理缺陷 等問題,部分漏洞可能導致 工作階段劫持,並影響 軟體部署與生產負載 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-0209 | Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured. | [email protected] | 6.9 | 0.38% | 2026-04-14 | 2026-06-17 |
| CVE-2026-0207 | A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions. | [email protected] | 8.5 | 0.38% | 2026-04-14 | 2026-06-17 |
| CVE-2025-9127 | A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions. | [email protected] | 8.4 | 0.11% | 2025-12-04 | 2026-06-17 |
| CVE-2024-0005 | A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | [email protected] | 9.1 | 0.64% | 2024-09-23 | 2026-06-17 |
| CVE-2024-0004 | A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. | [email protected] | 9.1 | 0.63% | 2024-09-23 | 2026-06-17 |
| CVE-2024-0003 | A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. | [email protected] | 9.1 | 0.46% | 2024-09-23 | 2026-06-17 |
| CVE-2024-0002 | A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | [email protected] | 10.0 | 0.46% | 2024-09-23 | 2026-06-17 |
| CVE-2024-0001 | A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | [email protected] | 10.0 | 0.86% | 2024-09-23 | 2026-06-17 |
| CVE-2023-36628 | A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. | [email protected] | 8.8 | 0.46% | 2023-10-02 | 2026-06-17 |
| CVE-2023-32572 | A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. | [email protected] | 6.5 | 0.40% | 2023-10-02 | 2026-06-17 |
| CVE-2023-28373 | A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. | [email protected] | 4.4 | 0.43% | 2023-10-02 | 2026-06-17 |
| CVE-2023-36627 | A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. | [email protected] | 7.7 | 0.49% | 2023-10-02 | 2026-06-17 |
| CVE-2023-31042 | A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols. | [email protected] | 7.7 | 0.49% | 2023-10-02 | 2026-06-17 |
| CVE-2023-28372 | A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock. | [email protected] | 6.5 | 0.46% | 2023-10-02 | 2026-06-17 |
| CVE-2022-31524 | The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | [email protected] | 9.3 | 1.24% | 2022-07-10 | 2026-06-17 |
| CVE-2022-32554 | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary | [email protected] | 9.8 | 1.18% | 2022-06-23 | 2026-06-17 |
| CVE-2022-32553 | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure | [email protected] | 8.8 | 1.07% | 2022-06-23 | 2026-06-17 |
| CVE-2022-32552 | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No oth | [email protected] | 8.8 | 1.07% | 2022-06-23 | 2026-06-17 |
| CVE-2017-7352 | Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen. | [email protected] | 5.4 | 0.60% | 2017-10-11 | 2026-06-16 |