Search criteria
12 vulnerabilities found for purity\/\/fb by purestorage
FKIE_CVE-2024-0005
Vulnerability from fkie_nvd - Published: 2024-09-23 18:15 - Updated: 2024-09-27 15:25
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@purestorage.com | https://purestorage.com/security | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | 6.5.0 | |
| purestorage | purity\/\/fa | 6.6.0 | |
| purestorage | purity\/\/fb | * | |
| purestorage | purity\/\/fb | * | |
| purestorage | purity\/\/fb | * | |
| purestorage | purity\/\/fb | * | |
| purestorage | purity\/\/fb | * | |
| purestorage | purity\/\/fb | * | |
| purestorage | purity\/\/fb | * | |
| purestorage | purity\/\/fb | 4.3.0 | |
| purestorage | purity\/\/fb | 4.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4713BD-F013-4129-B3B8-0B95CE69D8A6",
"versionEndIncluding": "5.0.11",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C7A1D2-E2AE-4737-AF3D-B46AFA52DBD7",
"versionEndIncluding": "5.1.17",
"versionStartIncluding": "5.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0303FA-81E7-41F8-B8F4-AD571E2B8D13",
"versionEndIncluding": "5.2.7",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1077938-9AEC-446A-BF07-ECEF798889E1",
"versionEndIncluding": "5.3.21",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA37DE8B-32EB-4BDD-808B-0DDF18ADC33C",
"versionEndIncluding": "6.0.9",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C01E4DAE-CAA7-4EF9-B47D-B400E36B97F2",
"versionEndIncluding": "6.1.25",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3311847D-BE5E-4435-9B1B-DF8824DF55B4",
"versionEndIncluding": "6.2.17",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A81E5420-C4D6-42CD-93EB-0B0BCB01F918",
"versionEndIncluding": "6.3.14",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07C73EC4-5F8C-422B-971F-0C8445E72145",
"versionEndIncluding": "6.4.10",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B75DE0E-3A1F-401A-85B0-EB7B7C8248D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDB3666-13AA-4908-9CB9-4426A7F6ED56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A921EA5-4877-4CA2-AA23-801C56890632",
"versionEndIncluding": "3.0.9",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06BC3E85-9263-4BA8-9B6B-2FCEC0620746",
"versionEndIncluding": "3.1.5",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BD275B2-1F43-4B7B-9E68-49E0D07FA5B6",
"versionEndIncluding": "3.2.10",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46E8FF81-4F41-4B5D-B602-5C32B1B57602",
"versionEndIncluding": "3.3.11",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6491F180-CB5E-4790-B7EF-618840C71E06",
"versionEndIncluding": "4.0.6",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9D88CE-6331-4E11-B4C0-5DAD0B73911A",
"versionEndIncluding": "4.1.10",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "202A85B4-5F81-4559-9326-12830063D99F",
"versionEndIncluding": "4.2.3",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F372AC2-12D1-4CD7-923E-C8650C102C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CEF944-7552-41DF-993E-6D3B1463B548",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration."
},
{
"lang": "es",
"value": "Existe una condici\u00f3n en FlashArray y FlashBlade Purity por la cual un usuario malintencionado podr\u00eda ejecutar comandos arbitrarios de forma remota a trav\u00e9s de una configuraci\u00f3n SNMP espec\u00edficamente manipulada."
}
],
"id": "CVE-2024-0005",
"lastModified": "2024-09-27T15:25:40.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "psirt@purestorage.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-23T18:15:05.233",
"references": [
{
"source": "psirt@purestorage.com",
"tags": [
"Vendor Advisory"
],
"url": "https://purestorage.com/security"
}
],
"sourceIdentifier": "psirt@purestorage.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "psirt@purestorage.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-32552
Vulnerability from fkie_nvd - Published: 2022-06-23 17:15 - Updated: 2024-11-21 07:06
Severity ?
Summary
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fb | * | |
| purestorage | purity\/\/fb | * | |
| purestorage | purity\/\/fb | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0D5971-5894-4F3F-B0AD-A13BD0EA4AC2",
"versionEndExcluding": "5.3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D216A489-89FB-4799-9992-F5448C236678",
"versionEndExcluding": "6.0.9",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E69D4672-2465-432F-9819-F7226BD7FD56",
"versionEndExcluding": "6.1.13",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F84BEE75-E026-4FE0-BA6E-5807A5826053",
"versionEndExcluding": "6.2.4",
"versionStartIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B71C29-4BF3-4AA7-A2CE-551B767031C8",
"versionEndExcluding": "3.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCBE46B1-B936-4CF8-9C5D-AD663362C426",
"versionEndExcluding": "3.2.5",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80890A7B-9D37-43B7-B5DF-AECAF3206635",
"versionEndExcluding": "3.3.1",
"versionStartIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
},
{
"lang": "es",
"value": "Los productos Pure Storage FlashArray que ejecutan Purity//FA versiones 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x y versiones anteriores de Purity//FA, y los productos Pure Storage FlashBlade que ejecutan Purity//FB versiones 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3. 0.x y versiones anteriores de Purity//FB son vulnerables a una escalada de privilegios por medio de la manipulaci\u00f3n de variables de entorno de Python que puede ser explotada por un usuario conectado para escapar de un shell restringido a un shell no restringido con privilegios de root. Ning\u00fan otro producto o servicio de Pure Storage est\u00e1 afectado. La mitigaci\u00f3n est\u00e1 disponible en Pure Storage por medio de un parche de autoservicio \"opt-in\", la aplicaci\u00f3n manual del parche o una actualizaci\u00f3n del software a una versi\u00f3n no afectada del software Purity"
}
],
"id": "CVE-2022-32552",
"lastModified": "2024-11-21T07:06:36.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-23T17:15:13.873",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-32553
Vulnerability from fkie_nvd - Published: 2022-06-23 17:15 - Updated: 2024-11-21 07:06
Severity ?
Summary
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fb | * | |
| purestorage | purity\/\/fb | * | |
| purestorage | purity\/\/fb | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0D5971-5894-4F3F-B0AD-A13BD0EA4AC2",
"versionEndExcluding": "5.3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D216A489-89FB-4799-9992-F5448C236678",
"versionEndExcluding": "6.0.9",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E69D4672-2465-432F-9819-F7226BD7FD56",
"versionEndExcluding": "6.1.13",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F84BEE75-E026-4FE0-BA6E-5807A5826053",
"versionEndExcluding": "6.2.4",
"versionStartIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B71C29-4BF3-4AA7-A2CE-551B767031C8",
"versionEndExcluding": "3.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCBE46B1-B936-4CF8-9C5D-AD663362C426",
"versionEndExcluding": "3.2.5",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80890A7B-9D37-43B7-B5DF-AECAF3206635",
"versionEndExcluding": "3.3.1",
"versionStartIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
},
{
"lang": "es",
"value": "Los productos Pure Storage FlashArray que ejecutan Purity//FA versiones 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x y versiones anteriores de Purity//FA, y los productos Pure Storage FlashBlade que ejecutan Purity//FB versiones 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1. 12, 3.0.x y versiones anteriores de Purity//FB son vulnerables a una escalada de privilegios por medio de la manipulaci\u00f3n de variables de entorno que puede ser explotada por un usuario conectado para escapar de un shell restringido a un shell sin restricciones con privilegios de root. Ning\u00fan otro producto o servicio de Pure Storage est\u00e1 afectado. La mitigaci\u00f3n est\u00e1 disponible en Pure Storage por medio de un parche de autoservicio \"opt-in\", la aplicaci\u00f3n de un parche manual o una actualizaci\u00f3n de software a una versi\u00f3n no afectada del software Purity"
}
],
"id": "CVE-2022-32553",
"lastModified": "2024-11-21T07:06:37.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-23T17:15:13.913",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-32554
Vulnerability from fkie_nvd - Published: 2022-06-23 17:15 - Updated: 2024-11-21 07:06
Severity ?
Summary
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fa | * | |
| purestorage | purity\/\/fb | * | |
| purestorage | purity\/\/fb | * | |
| purestorage | purity\/\/fb | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0D5971-5894-4F3F-B0AD-A13BD0EA4AC2",
"versionEndExcluding": "5.3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D216A489-89FB-4799-9992-F5448C236678",
"versionEndExcluding": "6.0.9",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E69D4672-2465-432F-9819-F7226BD7FD56",
"versionEndExcluding": "6.1.13",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F84BEE75-E026-4FE0-BA6E-5807A5826053",
"versionEndExcluding": "6.2.4",
"versionStartIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B71C29-4BF3-4AA7-A2CE-551B767031C8",
"versionEndExcluding": "3.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCBE46B1-B936-4CF8-9C5D-AD663362C426",
"versionEndExcluding": "3.2.5",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80890A7B-9D37-43B7-B5DF-AECAF3206635",
"versionEndExcluding": "3.3.1",
"versionStartIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product\u2019s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
},
{
"lang": "es",
"value": "Los productos Pure Storage FlashArray que ejecutan Purity//FA versiones 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x y versiones anteriores de Purity//FA, y los productos Pure Storage FlashBlade que ejecutan Purity//FB versiones 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x y versiones anteriores de Purity//FB son vulnerables a las credenciales posiblemente expuestas para acceder a la interfaz de gesti\u00f3n del producto. La contrase\u00f1a puede ser conocida fuera de Pure Storage y podr\u00eda ser usada en un sistema afectado, si es accesible, para ejecutar instrucciones arbitrarias con privilegios de root. Ning\u00fan otro producto o servicio de Pure Storage est\u00e1 afectado. La soluci\u00f3n est\u00e1 disponible en Pure Storage por medio de un parche de autoservicio \"opt-in\", la aplicaci\u00f3n manual del parche o una actualizaci\u00f3n del software a una versi\u00f3n no afectada del software Purity"
}
],
"id": "CVE-2022-32554",
"lastModified": "2024-11-21T07:06:37.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-23T17:15:13.953",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-0005 (GCVE-0-2024-0005)
Vulnerability from cvelistv5 – Published: 2024-09-23 17:34 – Updated: 2024-09-24 13:49
VLAI?
Summary
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
Severity ?
9.1 (Critical)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| PureStorage | FlashArray |
Affected:
5.0.0 , ≤ 5.0.11
(custom)
Affected: 5.1.0 , ≤ 5.1.17 (custom) Affected: 5.2.0 , ≤ 5.2.7 (custom) Affected: 5.3.0 , ≤ 5.3.21 (custom) Affected: 6.0.0 , ≤ 6.0.9 (custom) Affected: 6.1.0 , ≤ 6.1.25 (custom) Affected: 6.2.0 , ≤ 6.2.17 (custom) Affected: 6.3.0 , ≤ 6.3.14 (custom) Affected: 6.4.0 , ≤ 6.4.10 (custom) Affected: 6.5.0 Affected: 6.6.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:purestorage:flasharray:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flasharray",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "5.0.11",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.17",
"status": "affected",
"version": "5.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.2.7",
"status": "affected",
"version": "5.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.3.21",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.9",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.25",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2.17",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.3.14",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.5.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flasharray:6.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flasharray",
"vendor": "purestorage",
"versions": [
{
"status": "affected",
"version": "6.6.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "3.0.9",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:3.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "3.1.15",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:3.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "3.2.10",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:3.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "3.3.11",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:4.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "4.1.10",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:4.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:4.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "4.3.1",
"status": "affected",
"version": "4.3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:38:08.230078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T13:49:20.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Purity"
],
"product": "FlashArray",
"vendor": "PureStorage",
"versions": [
{
"lessThanOrEqual": "5.0.11",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.17",
"status": "affected",
"version": "5.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.2.7",
"status": "affected",
"version": "5.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.3.21",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.9",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.25",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2.17",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.3.14",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.5.0"
},
{
"status": "affected",
"version": "6.6.0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Purity"
],
"product": "FlashBlade",
"vendor": "PureStorage",
"versions": [
{
"lessThanOrEqual": "3.0.9",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1.15",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.2.10",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.3.11",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.10",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.3.1",
"status": "affected",
"version": "4.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration."
}
],
"value": "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T17:34:11.321Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://purestorage.com/security"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\u003cbr\u003e\n\u003cbr\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashArray Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.3.15 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.5.1 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.6.1 or later.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashBlade Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FB versions 4.1.12 or later\n\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FB versions 4.3.2 or later\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
}
],
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later \n * Purity//FA versions 6.5.1 or later \n * Purity//FA versions 6.6.1 or later.\n\n\nThis issue is resolved in the following\u00a0FlashBlade Purity releases:\n\n * Purity//FB versions 4.1.12 or later\n\n * Purity//FB versions 4.3.2 or later"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2024-0005",
"datePublished": "2024-09-23T17:34:11.321Z",
"dateReserved": "2023-11-01T17:10:20.833Z",
"dateUpdated": "2024-09-24T13:49:20.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32554 (GCVE-0-2022-32554)
Vulnerability from cvelistv5 – Published: 2022-06-22 14:25 – Updated: 2024-08-03 07:46
VLAI?
Summary
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:44.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product\u2019s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-22T14:25:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product\u2019s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
"refsource": "MISC",
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32554",
"datePublished": "2022-06-22T14:25:48",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:44.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32552 (GCVE-0-2022-32552)
Vulnerability from cvelistv5 – Published: 2022-06-22 14:22 – Updated: 2024-08-03 07:46
VLAI?
Summary
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:43.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-22T14:22:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
"refsource": "MISC",
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32552",
"datePublished": "2022-06-22T14:22:29",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:43.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32553 (GCVE-0-2022-32553)
Vulnerability from cvelistv5 – Published: 2022-06-22 14:07 – Updated: 2024-08-03 07:46
VLAI?
Summary
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:43.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-22T14:07:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
"refsource": "MISC",
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32553",
"datePublished": "2022-06-22T14:07:35",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:43.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0005 (GCVE-0-2024-0005)
Vulnerability from nvd – Published: 2024-09-23 17:34 – Updated: 2024-09-24 13:49
VLAI?
Summary
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
Severity ?
9.1 (Critical)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| PureStorage | FlashArray |
Affected:
5.0.0 , ≤ 5.0.11
(custom)
Affected: 5.1.0 , ≤ 5.1.17 (custom) Affected: 5.2.0 , ≤ 5.2.7 (custom) Affected: 5.3.0 , ≤ 5.3.21 (custom) Affected: 6.0.0 , ≤ 6.0.9 (custom) Affected: 6.1.0 , ≤ 6.1.25 (custom) Affected: 6.2.0 , ≤ 6.2.17 (custom) Affected: 6.3.0 , ≤ 6.3.14 (custom) Affected: 6.4.0 , ≤ 6.4.10 (custom) Affected: 6.5.0 Affected: 6.6.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:purestorage:flasharray:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flasharray",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "5.0.11",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.17",
"status": "affected",
"version": "5.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.2.7",
"status": "affected",
"version": "5.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.3.21",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.9",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.25",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2.17",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.3.14",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.5.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flasharray:6.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flasharray",
"vendor": "purestorage",
"versions": [
{
"status": "affected",
"version": "6.6.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "3.0.9",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:3.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "3.1.15",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:3.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "3.2.10",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:3.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "3.3.11",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:4.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "4.1.10",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:4.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:purestorage:flashblade:4.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flashblade",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "4.3.1",
"status": "affected",
"version": "4.3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:38:08.230078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T13:49:20.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Purity"
],
"product": "FlashArray",
"vendor": "PureStorage",
"versions": [
{
"lessThanOrEqual": "5.0.11",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.17",
"status": "affected",
"version": "5.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.2.7",
"status": "affected",
"version": "5.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.3.21",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.9",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.25",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2.17",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.3.14",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.5.0"
},
{
"status": "affected",
"version": "6.6.0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Purity"
],
"product": "FlashBlade",
"vendor": "PureStorage",
"versions": [
{
"lessThanOrEqual": "3.0.9",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1.15",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.2.10",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.3.11",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.10",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.3.1",
"status": "affected",
"version": "4.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration."
}
],
"value": "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T17:34:11.321Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://purestorage.com/security"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\u003cbr\u003e\n\u003cbr\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashArray Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.3.15 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.5.1 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.6.1 or later.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashBlade Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FB versions 4.1.12 or later\n\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FB versions 4.3.2 or later\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
}
],
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later \n * Purity//FA versions 6.5.1 or later \n * Purity//FA versions 6.6.1 or later.\n\n\nThis issue is resolved in the following\u00a0FlashBlade Purity releases:\n\n * Purity//FB versions 4.1.12 or later\n\n * Purity//FB versions 4.3.2 or later"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2024-0005",
"datePublished": "2024-09-23T17:34:11.321Z",
"dateReserved": "2023-11-01T17:10:20.833Z",
"dateUpdated": "2024-09-24T13:49:20.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32554 (GCVE-0-2022-32554)
Vulnerability from nvd – Published: 2022-06-22 14:25 – Updated: 2024-08-03 07:46
VLAI?
Summary
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:44.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product\u2019s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-22T14:25:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product\u2019s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
"refsource": "MISC",
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32554",
"datePublished": "2022-06-22T14:25:48",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:44.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32552 (GCVE-0-2022-32552)
Vulnerability from nvd – Published: 2022-06-22 14:22 – Updated: 2024-08-03 07:46
VLAI?
Summary
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:43.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-22T14:22:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
"refsource": "MISC",
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32552",
"datePublished": "2022-06-22T14:22:29",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:43.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32553 (GCVE-0-2022-32553)
Vulnerability from nvd – Published: 2022-06-22 14:07 – Updated: 2024-08-03 07:46
VLAI?
Summary
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:43.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-22T14:07:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
"refsource": "MISC",
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32553",
"datePublished": "2022-06-22T14:07:35",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:43.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}