Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

PureStorage

Source -

CNA

BOS Name -

N/A

CNA CVEs -

8

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
8Vulnerabilities found
CVE-2026-0207
Assigner-Pure Storage, Inc.
ShareView Details
Assigner-Pure Storage, Inc.
CVSS Score-8.5||HIGH
EPSS-0.02% / 3.82%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 17:53
Updated-17 Apr, 2026 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive Information Logging Vulnerability in FlashBlade

A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.

Action-Not Available
Vendor-PureStorage
Product-FlashBlade
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-0209
Assigner-Pure Storage, Inc.
ShareView Details
Assigner-Pure Storage, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 3.82%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 17:52
Updated-17 Apr, 2026 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured.

Action-Not Available
Vendor-PureStorage
Product-FlashArray
CWE ID-CWE-783
Operator Precedence Logic Error
CVE-2024-3057
Assigner-Pure Storage, Inc.
ShareView Details
Assigner-Pure Storage, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 56.73%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 16:50
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.

Action-Not Available
Vendor-PureStoragepurestorage
Product-FlashArrayflasharray
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-0005
Assigner-Pure Storage, Inc.
ShareView Details
Assigner-Pure Storage, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.36% / 58.14%
||
7 Day CHG~0.00%
Published-23 Sep, 2024 | 17:34
Updated-27 Sep, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.

Action-Not Available
Vendor-purestoragePureStoragepurestorage
Product-purity\/\/fbpurity\/\/faFlashBladeFlashArrayflashbladeflasharray
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-0004
Assigner-Pure Storage, Inc.
ShareView Details
Assigner-Pure Storage, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.48% / 65.31%
||
7 Day CHG~0.00%
Published-23 Sep, 2024 | 17:28
Updated-27 Sep, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.

Action-Not Available
Vendor-purestoragePureStoragepurestorage
Product-purity\/\/faFlashArrayflasharray
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-0003
Assigner-Pure Storage, Inc.
ShareView Details
Assigner-Pure Storage, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.36% / 58.20%
||
7 Day CHG~0.00%
Published-23 Sep, 2024 | 17:27
Updated-27 Sep, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.

Action-Not Available
Vendor-purestoragePureStoragepurestorage
Product-purity\/\/faFlashArrayflasharray
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-0002
Assigner-Pure Storage, Inc.
ShareView Details
Assigner-Pure Storage, Inc.
CVSS Score-10||CRITICAL
EPSS-0.46% / 64.23%
||
7 Day CHG~0.00%
Published-23 Sep, 2024 | 17:26
Updated-27 Sep, 2024 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.

Action-Not Available
Vendor-purestoragePureStoragepurestorage
Product-purity\/\/faFlashArrayflasharray
CWE ID-CWE-287
Improper Authentication
CVE-2023-4976
Assigner-Pure Storage, Inc.
ShareView Details
Assigner-Pure Storage, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.24% / 46.90%
||
7 Day CHG~0.00%
Published-17 Jul, 2024 | 15:25
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FlashBlade Authentication Mechanism Vulnerability

A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.

Action-Not Available
Vendor-PureStoragepurestorage
Product-FlashBladeflashblade
CWE ID-CWE-269
Improper Privilege Management