Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for purity\/\/fb by purestorage

    CVE-2024-0005 (GCVE-0-2024-0005)

    Vulnerability from nvd – Published: 2024-09-23 17:34 – Updated: 2024-09-24 13:49
    VLAI
    Summary
    A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    URL Tags
    https://purestorage.com/security vendor-advisory
    Impacted products
    Vendor Product Version
    PureStorage FlashArray Affected: 5.0.0 , ≤ 5.0.11 (custom)
    Affected: 5.1.0 , ≤ 5.1.17 (custom)
    Affected: 5.2.0 , ≤ 5.2.7 (custom)
    Affected: 5.3.0 , ≤ 5.3.21 (custom)
    Affected: 6.0.0 , ≤ 6.0.9 (custom)
    Affected: 6.1.0 , ≤ 6.1.25 (custom)
    Affected: 6.2.0 , ≤ 6.2.17 (custom)
    Affected: 6.3.0 , ≤ 6.3.14 (custom)
    Affected: 6.4.0 , ≤ 6.4.10 (custom)
    Affected: 6.5.0
    Affected: 6.6.0
    Create a notification for this product.
    PureStorage FlashBlade Affected: 3.0.0 , ≤ 3.0.9 (custom)
    Affected: 3.1.0 , ≤ 3.1.15 (custom)
    Affected: 3.2.0 , ≤ 3.2.10 (custom)
    Affected: 3.3.0 , ≤ 3.3.11 (custom)
    Affected: 4.0.0 , ≤ 4.0.6 (custom)
    Affected: 4.1.0 , ≤ 4.1.10 (custom)
    Affected: 4.2.0 , ≤ 4.2.3 (custom)
    Affected: 4.3.0 , ≤ 4.3.1 (custom)
    Create a notification for this product.
    purestorage flasharray Affected: 5.0.0 , ≤ 5.0.11 (custom)
    Affected: 5.1.0 , ≤ 5.1.17 (custom)
    Affected: 5.2.0 , ≤ 5.2.7 (custom)
    Affected: 5.3.0 , ≤ 5.3.21 (custom)
    Affected: 6.0.0 , ≤ 6.0.9 (custom)
    Affected: 6.1.0 , ≤ 6.1.25 (custom)
    Affected: 6.2.0 , ≤ 6.2.17 (custom)
    Affected: 6.3.0 , ≤ 6.3.14 (custom)
    Affected: 6.4.0 , ≤ 6.4.10 (custom)
    Affected: 6.5.0
        cpe:2.3:a:purestorage:flasharray:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:5.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:5.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:5.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:6.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:6.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:6.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:6.5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flasharray Affected: 6.6.0
        cpe:2.3:a:purestorage:flasharray:6.6.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 3.0.0 , ≤ 3.0.9 (custom)
        cpe:2.3:a:purestorage:flashblade:3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 3.1.0 , ≤ 3.1.15 (custom)
        cpe:2.3:a:purestorage:flashblade:3.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 3.2.0 , ≤ 3.2.10 (custom)
        cpe:2.3:a:purestorage:flashblade:3.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 3.3.0 , ≤ 3.3.11 (custom)
        cpe:2.3:a:purestorage:flashblade:3.3.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 4.0.0 , ≤ 4.0.6 (custom)
        cpe:2.3:a:purestorage:flashblade:4.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 4.1.0 , ≤ 4.1.10 (custom)
        cpe:2.3:a:purestorage:flashblade:4.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 4.2.0 , ≤ 4.2.3 (custom)
        cpe:2.3:a:purestorage:flashblade:4.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 4.3.0 , ≤ 4.3.1 (custom)
        cpe:2.3:a:purestorage:flashblade:4.3.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flasharray:5.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:5.1.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:5.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:5.3.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:6.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:6.1.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:6.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:6.5.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flasharray",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "5.0.11",
                    "status": "affected",
                    "version": "5.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "5.1.17",
                    "status": "affected",
                    "version": "5.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "5.2.7",
                    "status": "affected",
                    "version": "5.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "5.3.21",
                    "status": "affected",
                    "version": "5.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.0.9",
                    "status": "affected",
                    "version": "6.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.1.25",
                    "status": "affected",
                    "version": "6.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.2.17",
                    "status": "affected",
                    "version": "6.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.3.14",
                    "status": "affected",
                    "version": "6.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.4.10",
                    "status": "affected",
                    "version": "6.4.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "6.5.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flasharray:6.6.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flasharray",
                "vendor": "purestorage",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.6.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "3.0.9",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:3.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "3.1.15",
                    "status": "affected",
                    "version": "3.1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:3.2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "3.2.10",
                    "status": "affected",
                    "version": "3.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:3.3.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "3.3.11",
                    "status": "affected",
                    "version": "3.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:4.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "4.0.6",
                    "status": "affected",
                    "version": "4.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:4.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "4.1.10",
                    "status": "affected",
                    "version": "4.1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:4.2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "4.2.3",
                    "status": "affected",
                    "version": "4.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:4.3.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "4.3.1",
                    "status": "affected",
                    "version": "4.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T13:38:08.230078Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T13:49:20.771Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Purity"
              ],
              "product": "FlashArray",
              "vendor": "PureStorage",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.11",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "5.1.17",
                  "status": "affected",
                  "version": "5.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "5.2.7",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "5.3.21",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.0.9",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.1.25",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.2.17",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.3.14",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "6.5.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Purity"
              ],
              "product": "FlashBlade",
              "vendor": "PureStorage",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.9",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.1.15",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.2.10",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.3.11",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.0.6",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.1.10",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.2.3",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.3.1",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration."
                }
              ],
              "value": "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-23T17:34:11.321Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://purestorage.com/security"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\u003cbr\u003e\n\u003cbr\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashArray Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.3.15 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.5.1 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.6.1 or later.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashBlade Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FB versions 4.1.12 or later\n\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FB versions 4.3.2 or later\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
                }
              ],
              "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity  releases:\n\n  *  Purity//FA versions 6.3.15 or later \n  *  Purity//FA versions 6.5.1 or later \n  *  Purity//FA versions 6.6.1 or later.\n\n\nThis issue is resolved in the following\u00a0FlashBlade Purity  releases:\n\n  *  Purity//FB versions 4.1.12 or later\n\n  *  Purity//FB versions 4.3.2 or later"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2024-0005",
        "datePublished": "2024-09-23T17:34:11.321Z",
        "dateReserved": "2023-11-01T17:10:20.833Z",
        "dateUpdated": "2024-09-24T13:49:20.771Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32554 (GCVE-0-2022-32554)

    Vulnerability from nvd – Published: 2022-06-22 14:25 – Updated: 2024-08-03 07:46
    VLAI
    Summary
    Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:44.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product\u2019s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-22T14:25:48.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-32554",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product\u2019s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
                  "refsource": "MISC",
                  "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-32554",
        "datePublished": "2022-06-22T14:25:48.000Z",
        "dateReserved": "2022-06-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:46:44.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32553 (GCVE-0-2022-32553)

    Vulnerability from nvd – Published: 2022-06-22 14:07 – Updated: 2024-08-03 07:46
    VLAI
    Summary
    Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:43.565Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-22T14:07:35.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-32553",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
                  "refsource": "MISC",
                  "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-32553",
        "datePublished": "2022-06-22T14:07:35.000Z",
        "dateReserved": "2022-06-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:46:43.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32552 (GCVE-0-2022-32552)

    Vulnerability from nvd – Published: 2022-06-22 14:22 – Updated: 2024-08-03 07:46
    VLAI
    Summary
    Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:43.612Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-22T14:22:29.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-32552",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
                  "refsource": "MISC",
                  "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-32552",
        "datePublished": "2022-06-22T14:22:29.000Z",
        "dateReserved": "2022-06-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:46:43.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0005 (GCVE-0-2024-0005)

    Vulnerability from cvelistv5 – Published: 2024-09-23 17:34 – Updated: 2024-09-24 13:49
    VLAI
    Summary
    A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    URL Tags
    https://purestorage.com/security vendor-advisory
    Impacted products
    Vendor Product Version
    PureStorage FlashArray Affected: 5.0.0 , ≤ 5.0.11 (custom)
    Affected: 5.1.0 , ≤ 5.1.17 (custom)
    Affected: 5.2.0 , ≤ 5.2.7 (custom)
    Affected: 5.3.0 , ≤ 5.3.21 (custom)
    Affected: 6.0.0 , ≤ 6.0.9 (custom)
    Affected: 6.1.0 , ≤ 6.1.25 (custom)
    Affected: 6.2.0 , ≤ 6.2.17 (custom)
    Affected: 6.3.0 , ≤ 6.3.14 (custom)
    Affected: 6.4.0 , ≤ 6.4.10 (custom)
    Affected: 6.5.0
    Affected: 6.6.0
    Create a notification for this product.
    PureStorage FlashBlade Affected: 3.0.0 , ≤ 3.0.9 (custom)
    Affected: 3.1.0 , ≤ 3.1.15 (custom)
    Affected: 3.2.0 , ≤ 3.2.10 (custom)
    Affected: 3.3.0 , ≤ 3.3.11 (custom)
    Affected: 4.0.0 , ≤ 4.0.6 (custom)
    Affected: 4.1.0 , ≤ 4.1.10 (custom)
    Affected: 4.2.0 , ≤ 4.2.3 (custom)
    Affected: 4.3.0 , ≤ 4.3.1 (custom)
    Create a notification for this product.
    purestorage flasharray Affected: 5.0.0 , ≤ 5.0.11 (custom)
    Affected: 5.1.0 , ≤ 5.1.17 (custom)
    Affected: 5.2.0 , ≤ 5.2.7 (custom)
    Affected: 5.3.0 , ≤ 5.3.21 (custom)
    Affected: 6.0.0 , ≤ 6.0.9 (custom)
    Affected: 6.1.0 , ≤ 6.1.25 (custom)
    Affected: 6.2.0 , ≤ 6.2.17 (custom)
    Affected: 6.3.0 , ≤ 6.3.14 (custom)
    Affected: 6.4.0 , ≤ 6.4.10 (custom)
    Affected: 6.5.0
        cpe:2.3:a:purestorage:flasharray:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:5.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:5.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:5.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:6.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:6.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:6.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:purestorage:flasharray:6.5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flasharray Affected: 6.6.0
        cpe:2.3:a:purestorage:flasharray:6.6.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 3.0.0 , ≤ 3.0.9 (custom)
        cpe:2.3:a:purestorage:flashblade:3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 3.1.0 , ≤ 3.1.15 (custom)
        cpe:2.3:a:purestorage:flashblade:3.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 3.2.0 , ≤ 3.2.10 (custom)
        cpe:2.3:a:purestorage:flashblade:3.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 3.3.0 , ≤ 3.3.11 (custom)
        cpe:2.3:a:purestorage:flashblade:3.3.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 4.0.0 , ≤ 4.0.6 (custom)
        cpe:2.3:a:purestorage:flashblade:4.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 4.1.0 , ≤ 4.1.10 (custom)
        cpe:2.3:a:purestorage:flashblade:4.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 4.2.0 , ≤ 4.2.3 (custom)
        cpe:2.3:a:purestorage:flashblade:4.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    purestorage flashblade Affected: 4.3.0 , ≤ 4.3.1 (custom)
        cpe:2.3:a:purestorage:flashblade:4.3.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flasharray:5.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:5.1.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:5.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:5.3.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:6.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:6.1.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:6.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:purestorage:flasharray:6.5.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flasharray",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "5.0.11",
                    "status": "affected",
                    "version": "5.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "5.1.17",
                    "status": "affected",
                    "version": "5.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "5.2.7",
                    "status": "affected",
                    "version": "5.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "5.3.21",
                    "status": "affected",
                    "version": "5.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.0.9",
                    "status": "affected",
                    "version": "6.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.1.25",
                    "status": "affected",
                    "version": "6.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.2.17",
                    "status": "affected",
                    "version": "6.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.3.14",
                    "status": "affected",
                    "version": "6.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "6.4.10",
                    "status": "affected",
                    "version": "6.4.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "6.5.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flasharray:6.6.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flasharray",
                "vendor": "purestorage",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.6.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "3.0.9",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:3.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "3.1.15",
                    "status": "affected",
                    "version": "3.1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:3.2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "3.2.10",
                    "status": "affected",
                    "version": "3.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:3.3.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "3.3.11",
                    "status": "affected",
                    "version": "3.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:4.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "4.0.6",
                    "status": "affected",
                    "version": "4.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:4.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "4.1.10",
                    "status": "affected",
                    "version": "4.1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:4.2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "4.2.3",
                    "status": "affected",
                    "version": "4.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:purestorage:flashblade:4.3.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flashblade",
                "vendor": "purestorage",
                "versions": [
                  {
                    "lessThanOrEqual": "4.3.1",
                    "status": "affected",
                    "version": "4.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T13:38:08.230078Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T13:49:20.771Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Purity"
              ],
              "product": "FlashArray",
              "vendor": "PureStorage",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.11",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "5.1.17",
                  "status": "affected",
                  "version": "5.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "5.2.7",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "5.3.21",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.0.9",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.1.25",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.2.17",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.3.14",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "6.5.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Purity"
              ],
              "product": "FlashBlade",
              "vendor": "PureStorage",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.9",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.1.15",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.2.10",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.3.11",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.0.6",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.1.10",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.2.3",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.3.1",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration."
                }
              ],
              "value": "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-23T17:34:11.321Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://purestorage.com/security"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\u003cbr\u003e\n\u003cbr\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashArray Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.3.15 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.5.1 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.6.1 or later.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashBlade Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FB versions 4.1.12 or later\n\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FB versions 4.3.2 or later\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
                }
              ],
              "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity  releases:\n\n  *  Purity//FA versions 6.3.15 or later \n  *  Purity//FA versions 6.5.1 or later \n  *  Purity//FA versions 6.6.1 or later.\n\n\nThis issue is resolved in the following\u00a0FlashBlade Purity  releases:\n\n  *  Purity//FB versions 4.1.12 or later\n\n  *  Purity//FB versions 4.3.2 or later"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2024-0005",
        "datePublished": "2024-09-23T17:34:11.321Z",
        "dateReserved": "2023-11-01T17:10:20.833Z",
        "dateUpdated": "2024-09-24T13:49:20.771Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32554 (GCVE-0-2022-32554)

    Vulnerability from cvelistv5 – Published: 2022-06-22 14:25 – Updated: 2024-08-03 07:46
    VLAI
    Summary
    Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:44.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product\u2019s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-22T14:25:48.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-32554",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product\u2019s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
                  "refsource": "MISC",
                  "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-32554",
        "datePublished": "2022-06-22T14:25:48.000Z",
        "dateReserved": "2022-06-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:46:44.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32552 (GCVE-0-2022-32552)

    Vulnerability from cvelistv5 – Published: 2022-06-22 14:22 – Updated: 2024-08-03 07:46
    VLAI
    Summary
    Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:43.612Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-22T14:22:29.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-32552",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
                  "refsource": "MISC",
                  "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-32552",
        "datePublished": "2022-06-22T14:22:29.000Z",
        "dateReserved": "2022-06-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:46:43.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32553 (GCVE-0-2022-32553)

    Vulnerability from cvelistv5 – Published: 2022-06-22 14:07 – Updated: 2024-08-03 07:46
    VLAI
    Summary
    Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:43.565Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-22T14:07:35.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-32553",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
                  "refsource": "MISC",
                  "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-32553",
        "datePublished": "2022-06-22T14:07:35.000Z",
        "dateReserved": "2022-06-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:46:43.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }