Pure Storage, Inc.

#3895c224-4e1d-482a-adb3-fa64795683ac

Short Name

PureStorage

Program Role

CNA

Top Level Root

MITRE Corporation

Domain

purestorage.com

Country

USA

Scope

Pure Storage products only.
17 vulnerabilities found

CVE-2025-2327
Assigner-Pure Storage, Inc.
CVSS Score-5.1 (MEDIUM)
EPSS-0.03% / 7.65%
7 Day CHG~0.00%
Published-16 Jun, 2025 | 16:23
Updated-17 Jun, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FlashArray KEK Logging Vulnerability

A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.

Action-Not Available
Vendor-Pure Storage
Product-FlashArray
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-0052
Assigner-Pure Storage, Inc.
CVSS Score-8.3 (HIGH)
EPSS-0.13% / 32.59%
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:39
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FlashBlade DOS Vulnerability

Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.

Action-Not Available
Vendor-Pure Storage
Product-FlashBlade
CWE ID-CWE-20
Improper Input Validation
CVE-2025-0051
Assigner-Pure Storage, Inc.
CVSS Score-8.7 (HIGH)
EPSS-0.13% / 32.97%
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:29
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FlashArray DOS Vulnerability

Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.

Action-Not Available
Vendor-Pure Storage
Product-FlashArray
CWE ID-CWE-20
Improper Input Validation
CVE-2025-1308
Assigner-Pure Storage, Inc.
CVSS Score-8.4 (HIGH)
EPSS-0.02% / 3.84%
7 Day CHG~0.00%
Published-19 May, 2025 | 21:18
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PX Backup Improper Sanitization Vulnerability

A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.

Action-Not Available
Vendor-Pure Storage
Product-PX Backup
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2024-3057
Assigner-Pure Storage, Inc.
CVSS Score-9.8 (CRITICAL)
EPSS-0.20% / 42.01%
7 Day CHG~0.00%
Published-08 Oct, 2024 | 16:50
Updated-10 Apr, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.

Action-Not Available
Vendor-PureStorage, purestorage
Product-FlashArray, flasharray
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-0005
Assigner-Pure Storage, Inc.
CVSS Score-9.1 (CRITICAL)
EPSS-0.41% / 60.50%
7 Day CHG~0.00%
Published-23 Sep, 2024 | 17:34
Updated-27 Sep, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.

Action-Not Available
Vendor-purestorage, PureStorage
Product-purity//fb, purity//fa, FlashBlade, FlashArray, flashblade, flasharray
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-0004
Assigner-Pure Storage, Inc.
CVSS Score-9.1 (CRITICAL)
EPSS-0.40% / 59.78%
7 Day CHG~0.00%
Published-23 Sep, 2024 | 17:28
Updated-27 Sep, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A condition exists in FlashArray Purity whereby a user with the array admin role can execute arbitrary commands remotely to escalate privilege on the array.

Action-Not Available
Vendor-purestorage, PureStorage
Product-purity//fa, FlashArray, flasharray
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-0003
Assigner-Pure Storage, Inc.
CVSS Score-9.1 (CRITICAL)
EPSS-0.21% / 43.50%
7 Day CHG~0.00%
Published-23 Sep, 2024 | 17:27
Updated-27 Sep, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.

Action-Not Available
Vendor-purestorage, PureStorage
Product-purity//fa, FlashArray, flasharray
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-0002
Assigner-Pure Storage, Inc.
CVSS Score-10 (CRITICAL)
EPSS-0.23% / 46.15%
7 Day CHG~0.00%
Published-23 Sep, 2024 | 17:26
Updated-27 Sep, 2024 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.

Action-Not Available
Vendor-purestorage, PureStorage
Product-purity//fa, FlashArray, flasharray
CWE ID-CWE-287
Improper Authentication
CVE-2024-0001
Assigner-Pure Storage, Inc.
CVSS Score-10 (CRITICAL)
EPSS-1.04% / 76.49%
7 Day CHG+0.15%
Published-23 Sep, 2024 | 17:25
Updated-27 Sep, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active, potentially allowing a malicious actor to gain elevated privileges.

Action-Not Available
Vendor-purestorage, Pure Storage
Product-purity//fa, FlashArray, flasharray
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2023-4976
Assigner-Pure Storage, Inc.
CVSS Score-9.3 (CRITICAL)
EPSS-0.17% / 38.41%
7 Day CHG+0.02%
Published-17 Jul, 2024 | 15:25
Updated-10 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FlashBlade Authentication Mechanism Vulnerability

A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.

Action-Not Available
Vendor-PureStorage, purestorage
Product-FlashBlade, flashblade
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-36628
Assigner-Pure Storage, Inc.
CVSS Score-8.8 (HIGH)
EPSS-0.17% / 38.37%
7 Day CHG~0.00%
Published-02 Oct, 2023 | 23:15
Updated-23 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation in VASA

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.

Action-Not Available
Vendor-purestorage, Pure Storage
Product-purity//fa, FlashArray Purity
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-32572
Assigner-Pure Storage, Inc.
CVSS Score-6.5 (MEDIUM)
EPSS-0.04% / 11.10%
7 Day CHG~0.00%
Published-02 Oct, 2023 | 23:09
Updated-23 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FlashArray pgroup Retention Lock SafeMode Protection

A flaw exists in FlashArray Purity wherein, under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.

Action-Not Available
Vendor-purestorage, Pure Storage
Product-purity//fa, FlashArray Purity
CWE ID-CWE-284
Improper Access Control
CVE-2023-28373
Assigner-Pure Storage, Inc.
CVSS Score-4.4 (MEDIUM)
EPSS-0.04% / 11.11%
7 Day CHG~0.00%
Published-02 Oct, 2023 | 23:02
Updated-23 Sep, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FlashArray SafeMode Immutable Vulnerability

A flaw exists in FlashArray Purity whereby an array administrator, by configuring an external key manager, can affect the availability of data on the system, including snapshots protected by SafeMode.

Action-Not Available
Vendor-purestorage, Pure Storage
Product-purity//fa, FlashArray Purity
CVE-2023-36627
Assigner-Pure Storage, Inc.
CVSS Score-7.7 (HIGH)
EPSS-0.04% / 9.91%
7 Day CHG~0.00%
Published-02 Oct, 2023 | 22:47
Updated-23 Sep, 2024 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FlashBlade Snapshot Scheduler

A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.

Action-Not Available
Vendor-purestorage, Pure Storage
Product-purity, FlashBlade Purity
CVE-2023-31042
Assigner-Pure Storage, Inc.
CVSS Score-7.7 (HIGH)
EPSS-0.06% / 17.28%
7 Day CHG~0.00%
Published-02 Oct, 2023 | 22:39
Updated-23 Sep, 2024 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FlashBlade Object Store Protocol

A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.

Action-Not Available
Vendor-purestorage, Pure Storage
Product-purity, FlashBlade Purity
CVE-2023-28372
Assigner-Pure Storage, Inc.
CVSS Score-6.5 (MEDIUM)
EPSS-0.03% / 7.13%
7 Day CHG~0.00%
Published-02 Oct, 2023 | 22:20
Updated-20 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FlashBlade Object Store Privileged Access

A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.

Action-Not Available
Vendor-purestorage, Pure Storage
Product-purity, FlashBlade
CWE ID-CWE-284
Improper Access Control