Search
Find a vulnerability
Search criteria
9 vulnerabilities found for purity by purestorage
VAR-201710-1339
Vulnerability from variot - Updated: 2025-04-20 23:37Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen. Pure Storage Purity Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PureStoragePurity is a storage device from PureStorage, USA. A cross-site scripting vulnerability exists in the PureStoragePurity 4.7.5 release. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML with the help of the \342\200\230host\342\200\231 parameter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "purity",
"scope": "eq",
"trust": 1.0,
"vendor": "purestorage",
"version": "4.7.5"
},
{
"model": "purity",
"scope": "eq",
"trust": 0.8,
"vendor": "pure storage",
"version": "4.7.5"
},
{
"model": "storage pure storage purity",
"scope": "eq",
"trust": 0.6,
"vendor": "pure",
"version": "4.7.5"
},
{
"model": "purestorage",
"scope": "eq",
"trust": 0.6,
"vendor": "purestorage",
"version": "4.7.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
},
{
"db": "NVD",
"id": "CVE-2017-7352"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:purestorage:purestorage",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
}
]
},
"cve": "CVE-2017-7352",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2017-7352",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2017-33069",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2017-7352",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-7352",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7352",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-7352",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-33069",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1363",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
},
{
"db": "NVD",
"id": "CVE-2017-7352"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen. Pure Storage Purity Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PureStoragePurity is a storage device from PureStorage, USA. A cross-site scripting vulnerability exists in the PureStoragePurity 4.7.5 release. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML with the help of the \\342\\200\\230host\\342\\200\\231 parameter",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7352"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "CNVD",
"id": "CNVD-2017-33069"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7352",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-33069",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
},
{
"db": "NVD",
"id": "CVE-2017-7352"
}
]
},
"id": "VAR-201710-1339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
}
]
},
"last_update_date": "2025-04-20T23:37:47.157000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Purity",
"trust": 0.8,
"url": "https://www.purestorage.com/jp/products/purity.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "NVD",
"id": "CVE-2017-7352"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://arthrocyber.com/research#finding_3"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7352"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7352"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
},
{
"db": "NVD",
"id": "CVE-2017-7352"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
},
{
"db": "NVD",
"id": "CVE-2017-7352"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"date": "2017-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1363"
},
{
"date": "2017-10-11T06:29:00.190000",
"db": "NVD",
"id": "CVE-2017-7352"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"date": "2017-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"date": "2019-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1363"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-7352"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pure Storage Purity Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
}
],
"trust": 0.6
}
}
CVE-2023-36627 (GCVE-0-2023-36627)
Vulnerability from nvd – Published: 2023-10-02 22:47 – Updated: 2024-09-23 13:44
VLAI
Title
FlashBlade Snapshot Scheduler
Summary
A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pure Storage | FlashBlade Purity |
Affected:
0 , ≤ 3.3.7
(custom)
Affected: 4.0.0 , ≤ 4.0.5 (custom) Affected: 4.1.0 , ≤ 4.1.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:53.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T13:44:24.331319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T13:44:34.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FlashBlade Purity",
"vendor": "Pure Storage",
"versions": [
{
"lessThanOrEqual": "3.3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.0.5",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.2",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T22:48:34.766Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "FlashBlade Snapshot Scheduler",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2023-36627",
"datePublished": "2023-10-02T22:47:12.443Z",
"dateReserved": "2023-06-25T15:05:39.900Z",
"dateUpdated": "2024-09-23T13:44:34.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31042 (GCVE-0-2023-31042)
Vulnerability from nvd – Published: 2023-10-02 22:39 – Updated: 2024-09-23 13:48
VLAI
Title
FlashBlade Object Store Protocol
Summary
A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pure Storage | FlashBlade Purity |
Affected:
3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T13:48:23.809519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T13:48:31.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Replication",
"Snapshot Availability"
],
"product": "FlashBlade Purity",
"vendor": "Pure Storage",
"versions": [
{
"status": "affected",
"version": "3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T22:39:02.597Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "FlashBlade Object Store Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2023-31042",
"datePublished": "2023-10-02T22:39:02.597Z",
"dateReserved": "2023-04-23T18:57:20.519Z",
"dateUpdated": "2024-09-23T13:48:31.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28372 (GCVE-0-2023-28372)
Vulnerability from nvd – Published: 2023-10-02 22:20 – Updated: 2024-09-20 14:50
VLAI
Title
FlashBlade Object Store Privileged Access
Summary
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pure Storage | FlashBlade |
Affected:
4.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T14:50:35.903525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:50:53.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FlashBlade",
"vendor": "Pure Storage",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can affect the availability of the object lock.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can affect the availability of the object lock.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T22:20:21.550Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "FlashBlade Object Store Privileged Access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2023-28372",
"datePublished": "2023-10-02T22:20:21.550Z",
"dateReserved": "2023-03-15T04:06:47.634Z",
"dateUpdated": "2024-09-20T14:50:53.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7352 (GCVE-0-2017-7352)
Vulnerability from nvd – Published: 2017-10-11 06:00 – Updated: 2024-08-05 15:56
VLAI
Summary
Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://arthrocyber.com/research#finding_3 | x_refsource_MISC |
Date Public
2017-10-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://arthrocyber.com/research#finding_3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-11T05:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://arthrocyber.com/research#finding_3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://arthrocyber.com/research#finding_3",
"refsource": "MISC",
"url": "http://arthrocyber.com/research#finding_3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7352",
"datePublished": "2017-10-11T06:00:00.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:56:36.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36627 (GCVE-0-2023-36627)
Vulnerability from cvelistv5 – Published: 2023-10-02 22:47 – Updated: 2024-09-23 13:44
VLAI
Title
FlashBlade Snapshot Scheduler
Summary
A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pure Storage | FlashBlade Purity |
Affected:
0 , ≤ 3.3.7
(custom)
Affected: 4.0.0 , ≤ 4.0.5 (custom) Affected: 4.1.0 , ≤ 4.1.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:53.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T13:44:24.331319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T13:44:34.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FlashBlade Purity",
"vendor": "Pure Storage",
"versions": [
{
"lessThanOrEqual": "3.3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.0.5",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.2",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T22:48:34.766Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "FlashBlade Snapshot Scheduler",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2023-36627",
"datePublished": "2023-10-02T22:47:12.443Z",
"dateReserved": "2023-06-25T15:05:39.900Z",
"dateUpdated": "2024-09-23T13:44:34.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31042 (GCVE-0-2023-31042)
Vulnerability from cvelistv5 – Published: 2023-10-02 22:39 – Updated: 2024-09-23 13:48
VLAI
Title
FlashBlade Object Store Protocol
Summary
A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pure Storage | FlashBlade Purity |
Affected:
3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T13:48:23.809519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T13:48:31.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Replication",
"Snapshot Availability"
],
"product": "FlashBlade Purity",
"vendor": "Pure Storage",
"versions": [
{
"status": "affected",
"version": "3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T22:39:02.597Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "FlashBlade Object Store Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2023-31042",
"datePublished": "2023-10-02T22:39:02.597Z",
"dateReserved": "2023-04-23T18:57:20.519Z",
"dateUpdated": "2024-09-23T13:48:31.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28372 (GCVE-0-2023-28372)
Vulnerability from cvelistv5 – Published: 2023-10-02 22:20 – Updated: 2024-09-20 14:50
VLAI
Title
FlashBlade Object Store Privileged Access
Summary
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pure Storage | FlashBlade |
Affected:
4.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T14:50:35.903525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:50:53.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FlashBlade",
"vendor": "Pure Storage",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can affect the availability of the object lock.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can affect the availability of the object lock.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T22:20:21.550Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "FlashBlade Object Store Privileged Access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2023-28372",
"datePublished": "2023-10-02T22:20:21.550Z",
"dateReserved": "2023-03-15T04:06:47.634Z",
"dateUpdated": "2024-09-20T14:50:53.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7352 (GCVE-0-2017-7352)
Vulnerability from cvelistv5 – Published: 2017-10-11 06:00 – Updated: 2024-08-05 15:56
VLAI
Summary
Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://arthrocyber.com/research#finding_3 | x_refsource_MISC |
Date Public
2017-10-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://arthrocyber.com/research#finding_3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-11T05:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://arthrocyber.com/research#finding_3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://arthrocyber.com/research#finding_3",
"refsource": "MISC",
"url": "http://arthrocyber.com/research#finding_3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7352",
"datePublished": "2017-10-11T06:00:00.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:56:36.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}