Search

Find a vulnerability

Search criteria

    9 vulnerabilities found for purity by purestorage

    VAR-201710-1339

    Vulnerability from variot - Updated: 2025-04-20 23:37

    Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen. Pure Storage Purity Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PureStoragePurity is a storage device from PureStorage, USA. A cross-site scripting vulnerability exists in the PureStoragePurity 4.7.5 release. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML with the help of the \342\200\230host\342\200\231 parameter

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1339",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "purity",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "purestorage",
            "version": "4.7.5"
          },
          {
            "model": "purity",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "pure storage",
            "version": "4.7.5"
          },
          {
            "model": "storage pure storage purity",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "pure",
            "version": "4.7.5"
          },
          {
            "model": "purestorage",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "purestorage",
            "version": "4.7.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008923"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1363"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7352"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:purestorage:purestorage",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008923"
          }
        ]
      },
      "cve": "CVE-2017-7352",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2017-7352",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2017-33069",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2017-7352",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2017-7352",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-7352",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-7352",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-33069",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-1363",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008923"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1363"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7352"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen. Pure Storage Purity Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PureStoragePurity is a storage device from PureStorage, USA. A cross-site scripting vulnerability exists in the PureStoragePurity 4.7.5 release. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML with the help of the \\342\\200\\230host\\342\\200\\231 parameter",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7352"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008923"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33069"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-7352",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008923",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33069",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1363",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008923"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1363"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7352"
          }
        ]
      },
      "id": "VAR-201710-1339",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33069"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33069"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:37:47.157000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Purity",
            "trust": 0.8,
            "url": "https://www.purestorage.com/jp/products/purity.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008923"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008923"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7352"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "http://arthrocyber.com/research#finding_3"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7352"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7352"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008923"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1363"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7352"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008923"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1363"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7352"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-33069"
          },
          {
            "date": "2017-10-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-008923"
          },
          {
            "date": "2017-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1363"
          },
          {
            "date": "2017-10-11T06:29:00.190000",
            "db": "NVD",
            "id": "CVE-2017-7352"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-33069"
          },
          {
            "date": "2017-10-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-008923"
          },
          {
            "date": "2019-12-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1363"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-7352"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1363"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pure Storage Purity Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33069"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1363"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1363"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-36627 (GCVE-0-2023-36627)

    Vulnerability from nvd – Published: 2023-10-02 22:47 – Updated: 2024-09-23 13:44
    VLAI
    Title
    FlashBlade Snapshot Scheduler
    Summary
    A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Pure Storage FlashBlade Purity Affected: 0 , ≤ 3.3.7 (custom)
    Affected: 4.0.0 , ≤ 4.0.5 (custom)
    Affected: 4.1.0 , ≤ 4.1.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:53.987Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36627",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T13:44:24.331319Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T13:44:34.694Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FlashBlade Purity",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.0.5",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.1.2",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-02T22:48:34.766Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "FlashBlade Snapshot Scheduler",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2023-36627",
        "datePublished": "2023-10-02T22:47:12.443Z",
        "dateReserved": "2023-06-25T15:05:39.900Z",
        "dateUpdated": "2024-09-23T13:44:34.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31042 (GCVE-0-2023-31042)

    Vulnerability from nvd – Published: 2023-10-02 22:39 – Updated: 2024-09-23 13:48
    VLAI
    Title
    FlashBlade Object Store Protocol
    Summary
    A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Pure Storage FlashBlade Purity Affected: 3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T13:48:23.809519Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T13:48:31.513Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Replication",
                "Snapshot Availability"
              ],
              "product": "FlashBlade Purity",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-02T22:39:02.597Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "FlashBlade Object Store Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2023-31042",
        "datePublished": "2023-10-02T22:39:02.597Z",
        "dateReserved": "2023-04-23T18:57:20.519Z",
        "dateUpdated": "2024-09-23T13:48:31.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28372 (GCVE-0-2023-28372)

    Vulnerability from nvd – Published: 2023-10-02 22:20 – Updated: 2024-09-20 14:50
    VLAI
    Title
    FlashBlade Object Store Privileged Access
    Summary
    A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:38:24.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-20T14:50:35.903525Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-20T14:50:53.883Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FlashBlade",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can  affect the availability of the object lock.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can  affect the availability of the object lock.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-02T22:20:21.550Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "FlashBlade Object Store Privileged Access",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2023-28372",
        "datePublished": "2023-10-02T22:20:21.550Z",
        "dateReserved": "2023-03-15T04:06:47.634Z",
        "dateUpdated": "2024-09-20T14:50:53.883Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7352 (GCVE-0-2017-7352)

    Vulnerability from nvd – Published: 2017-10-11 06:00 – Updated: 2024-08-05 15:56
    VLAI
    Summary
    Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://arthrocyber.com/research#finding_3 x_refsource_MISC
    Date Public
    2017-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:56:36.466Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://arthrocyber.com/research#finding_3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-11T05:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://arthrocyber.com/research#finding_3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-7352",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://arthrocyber.com/research#finding_3",
                  "refsource": "MISC",
                  "url": "http://arthrocyber.com/research#finding_3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-7352",
        "datePublished": "2017-10-11T06:00:00.000Z",
        "dateReserved": "2017-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:56:36.466Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36627 (GCVE-0-2023-36627)

    Vulnerability from cvelistv5 – Published: 2023-10-02 22:47 – Updated: 2024-09-23 13:44
    VLAI
    Title
    FlashBlade Snapshot Scheduler
    Summary
    A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Pure Storage FlashBlade Purity Affected: 0 , ≤ 3.3.7 (custom)
    Affected: 4.0.0 , ≤ 4.0.5 (custom)
    Affected: 4.1.0 , ≤ 4.1.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:53.987Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36627",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T13:44:24.331319Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T13:44:34.694Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FlashBlade Purity",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.0.5",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.1.2",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-02T22:48:34.766Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "FlashBlade Snapshot Scheduler",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2023-36627",
        "datePublished": "2023-10-02T22:47:12.443Z",
        "dateReserved": "2023-06-25T15:05:39.900Z",
        "dateUpdated": "2024-09-23T13:44:34.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31042 (GCVE-0-2023-31042)

    Vulnerability from cvelistv5 – Published: 2023-10-02 22:39 – Updated: 2024-09-23 13:48
    VLAI
    Title
    FlashBlade Object Store Protocol
    Summary
    A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Pure Storage FlashBlade Purity Affected: 3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T13:48:23.809519Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T13:48:31.513Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Replication",
                "Snapshot Availability"
              ],
              "product": "FlashBlade Purity",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-02T22:39:02.597Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "FlashBlade Object Store Protocol",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2023-31042",
        "datePublished": "2023-10-02T22:39:02.597Z",
        "dateReserved": "2023-04-23T18:57:20.519Z",
        "dateUpdated": "2024-09-23T13:48:31.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28372 (GCVE-0-2023-28372)

    Vulnerability from cvelistv5 – Published: 2023-10-02 22:20 – Updated: 2024-09-20 14:50
    VLAI
    Title
    FlashBlade Object Store Privileged Access
    Summary
    A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:38:24.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-20T14:50:35.903525Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-20T14:50:53.883Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FlashBlade",
              "vendor": "Pure Storage",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can  affect the availability of the object lock.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can  affect the availability of the object lock.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-02T22:20:21.550Z",
            "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
            "shortName": "PureStorage"
          },
          "references": [
            {
              "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "This issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "FlashBlade Object Store Privileged Access",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "assignerShortName": "PureStorage",
        "cveId": "CVE-2023-28372",
        "datePublished": "2023-10-02T22:20:21.550Z",
        "dateReserved": "2023-03-15T04:06:47.634Z",
        "dateUpdated": "2024-09-20T14:50:53.883Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7352 (GCVE-0-2017-7352)

    Vulnerability from cvelistv5 – Published: 2017-10-11 06:00 – Updated: 2024-08-05 15:56
    VLAI
    Summary
    Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://arthrocyber.com/research#finding_3 x_refsource_MISC
    Date Public
    2017-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:56:36.466Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://arthrocyber.com/research#finding_3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-11T05:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://arthrocyber.com/research#finding_3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-7352",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://arthrocyber.com/research#finding_3",
                  "refsource": "MISC",
                  "url": "http://arthrocyber.com/research#finding_3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-7352",
        "datePublished": "2017-10-11T06:00:00.000Z",
        "dateReserved": "2017-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:56:36.466Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }