Search criteria
13 vulnerabilities found for purity by purestorage
VAR-201710-1339
Vulnerability from variot - Updated: 2023-12-18 13:52Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen. Pure Storage Purity Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PureStoragePurity is a storage device from PureStorage, USA. A cross-site scripting vulnerability exists in the PureStoragePurity 4.7.5 release. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML with the help of the \342\200\230host\342\200\231 parameter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "purity",
"scope": "eq",
"trust": 1.0,
"vendor": "purestorage",
"version": "4.7.5"
},
{
"model": "purity",
"scope": "eq",
"trust": 0.8,
"vendor": "pure storage",
"version": "4.7.5"
},
{
"model": "storage pure storage purity",
"scope": "eq",
"trust": 0.6,
"vendor": "pure",
"version": "4.7.5"
},
{
"model": "purestorage",
"scope": "eq",
"trust": 0.6,
"vendor": "purestorage",
"version": "4.7.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "NVD",
"id": "CVE-2017-7352"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:purestorage:purity:4.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7352"
}
]
},
"cve": "CVE-2017-7352",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-7352",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2017-33069",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-7352",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-7352",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-33069",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1363",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "NVD",
"id": "CVE-2017-7352"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen. Pure Storage Purity Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PureStoragePurity is a storage device from PureStorage, USA. A cross-site scripting vulnerability exists in the PureStoragePurity 4.7.5 release. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML with the help of the \\342\\200\\230host\\342\\200\\231 parameter",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7352"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "CNVD",
"id": "CNVD-2017-33069"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7352",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-33069",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "NVD",
"id": "CVE-2017-7352"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
}
]
},
"id": "VAR-201710-1339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
}
]
},
"last_update_date": "2023-12-18T13:52:52.474000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Purity",
"trust": 0.8,
"url": "https://www.purestorage.com/jp/products/purity.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "NVD",
"id": "CVE-2017-7352"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://arthrocyber.com/research#finding_3"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7352"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7352"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "NVD",
"id": "CVE-2017-7352"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"db": "NVD",
"id": "CVE-2017-7352"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"date": "2017-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"date": "2017-10-11T06:29:00.190000",
"db": "NVD",
"id": "CVE-2017-7352"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1363"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"date": "2017-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008923"
},
{
"date": "2019-12-11T14:30:48.267000",
"db": "NVD",
"id": "CVE-2017-7352"
},
{
"date": "2019-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1363"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pure Storage Purity Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33069"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1363"
}
],
"trust": 0.6
}
}
FKIE_CVE-2023-36627
Vulnerability from fkie_nvd - Published: 2023-10-02 23:15 - Updated: 2024-11-21 08:10
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Summary
A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| purestorage | purity | * | |
| purestorage | purity | * | |
| purestorage | purity | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C0F497-DD08-458D-880A-6F28D43EAA65",
"versionEndIncluding": "3.3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3742D7B1-35C9-411A-95E5-694631B7314E",
"versionEndIncluding": "4.0.5",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74E272AA-D989-45ED-881E-6F05EDE1C255",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \n"
},
{
"lang": "es",
"value": "Existe una falla en FlashBlade Purity por la cual un usuario con acceso a una cuenta administrativa en un FlashBlade que est\u00e1 configurado con programas de instant\u00e1neas dependientes de la zona horaria puede configurar una zona horaria para evitar que el programa funcione correctamente."
}
],
"id": "CVE-2023-36627",
"lastModified": "2024-11-21T08:10:06.567",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "psirt@purestorage.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-02T23:15:12.470",
"references": [
{
"source": "psirt@purestorage.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
}
],
"sourceIdentifier": "psirt@purestorage.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-28372
Vulnerability from fkie_nvd - Published: 2023-10-02 23:15 - Updated: 2024-11-21 07:54
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Summary
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| purestorage | purity | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB08A18-1D0D-490B-8646-399DB3091DF8",
"versionEndIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can affect the availability of the object lock.\n"
},
{
"lang": "es",
"value": "Existe una falla en FlashBlade Purity (OE) versi\u00f3n 4.1.0 por la cual un usuario con privilegios para extender el per\u00edodo de retenci\u00f3n de un objeto puede afectar la disponibilidad del bloqueo del objeto."
}
],
"id": "CVE-2023-28372",
"lastModified": "2024-11-21T07:54:56.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "psirt@purestorage.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-02T23:15:12.293",
"references": [
{
"source": "psirt@purestorage.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
}
],
"sourceIdentifier": "psirt@purestorage.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-31042
Vulnerability from fkie_nvd - Published: 2023-10-02 23:15 - Updated: 2024-11-21 08:01
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| purestorage | purity | * | |
| purestorage | purity | * | |
| purestorage | purity | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CAD37B1-C5AC-4CD5-98DB-9D71FDA4436A",
"versionEndIncluding": "3.3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A110562-3372-4131-9D8E-8CEA1522BF76",
"versionEndIncluding": "4.0.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DDCB7D-6ADD-4C60-9B4B-1FC08832ECC4",
"versionEndIncluding": "4.1.1",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \n\n"
},
{
"lang": "es",
"value": "Existe una falla en FlashBlade Purity por la cual un usuario autenticado con acceso al protocolo de almacenamiento de objetos de FlashBlade puede afectar la disponibilidad de los protocolos de replicaci\u00f3n y acceso a datos del sistema."
}
],
"id": "CVE-2023-31042",
"lastModified": "2024-11-21T08:01:18.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "psirt@purestorage.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-02T23:15:12.397",
"references": [
{
"source": "psirt@purestorage.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
}
],
"sourceIdentifier": "psirt@purestorage.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-7352
Vulnerability from fkie_nvd - Published: 2017-10-11 06:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://arthrocyber.com/research#finding_3 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://arthrocyber.com/research#finding_3 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| purestorage | purity | 4.7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:purestorage:purity:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5EE26DD-39A6-49C5-94BE-68DD433E61B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) persistente en la versi\u00f3n 4.7.6 de Pure Storage Purity permite que usuarios autenticados remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro \"host\" en la pantalla \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027"
}
],
"id": "CVE-2017-7352",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T06:29:00.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://arthrocyber.com/research#finding_3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://arthrocyber.com/research#finding_3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-36627 (GCVE-0-2023-36627)
Vulnerability from cvelistv5 – Published: 2023-10-02 22:47 – Updated: 2024-09-23 13:44
VLAI?
Title
FlashBlade Snapshot Scheduler
Summary
A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
Severity ?
7.7 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pure Storage | FlashBlade Purity |
Affected:
0 , ≤ 3.3.7
(custom)
Affected: 4.0.0 , ≤ 4.0.5 (custom) Affected: 4.1.0 , ≤ 4.1.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:53.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T13:44:24.331319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T13:44:34.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FlashBlade Purity",
"vendor": "Pure Storage",
"versions": [
{
"lessThanOrEqual": "3.3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.0.5",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.2",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T22:48:34.766Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "FlashBlade Snapshot Scheduler",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2023-36627",
"datePublished": "2023-10-02T22:47:12.443Z",
"dateReserved": "2023-06-25T15:05:39.900Z",
"dateUpdated": "2024-09-23T13:44:34.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31042 (GCVE-0-2023-31042)
Vulnerability from cvelistv5 – Published: 2023-10-02 22:39 – Updated: 2024-09-23 13:48
VLAI?
Title
FlashBlade Object Store Protocol
Summary
A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.
Severity ?
7.7 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pure Storage | FlashBlade Purity |
Affected:
3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T13:48:23.809519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T13:48:31.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Replication",
"Snapshot Availability"
],
"product": "FlashBlade Purity",
"vendor": "Pure Storage",
"versions": [
{
"status": "affected",
"version": "3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T22:39:02.597Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "FlashBlade Object Store Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2023-31042",
"datePublished": "2023-10-02T22:39:02.597Z",
"dateReserved": "2023-04-23T18:57:20.519Z",
"dateUpdated": "2024-09-23T13:48:31.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28372 (GCVE-0-2023-28372)
Vulnerability from cvelistv5 – Published: 2023-10-02 22:20 – Updated: 2024-09-20 14:50
VLAI?
Title
FlashBlade Object Store Privileged Access
Summary
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
Severity ?
6.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pure Storage | FlashBlade |
Affected:
4.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T14:50:35.903525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:50:53.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FlashBlade",
"vendor": "Pure Storage",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can affect the availability of the object lock.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can affect the availability of the object lock.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T22:20:21.550Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "FlashBlade Object Store Privileged Access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2023-28372",
"datePublished": "2023-10-02T22:20:21.550Z",
"dateReserved": "2023-03-15T04:06:47.634Z",
"dateUpdated": "2024-09-20T14:50:53.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7352 (GCVE-0-2017-7352)
Vulnerability from cvelistv5 – Published: 2017-10-11 06:00 – Updated: 2024-08-05 15:56
VLAI?
Summary
Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://arthrocyber.com/research#finding_3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-11T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://arthrocyber.com/research#finding_3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://arthrocyber.com/research#finding_3",
"refsource": "MISC",
"url": "http://arthrocyber.com/research#finding_3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7352",
"datePublished": "2017-10-11T06:00:00",
"dateReserved": "2017-03-30T00:00:00",
"dateUpdated": "2024-08-05T15:56:36.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36627 (GCVE-0-2023-36627)
Vulnerability from nvd – Published: 2023-10-02 22:47 – Updated: 2024-09-23 13:44
VLAI?
Title
FlashBlade Snapshot Scheduler
Summary
A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
Severity ?
7.7 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pure Storage | FlashBlade Purity |
Affected:
0 , ≤ 3.3.7
(custom)
Affected: 4.0.0 , ≤ 4.0.5 (custom) Affected: 4.1.0 , ≤ 4.1.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:53.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T13:44:24.331319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T13:44:34.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FlashBlade Purity",
"vendor": "Pure Storage",
"versions": [
{
"lessThanOrEqual": "3.3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.0.5",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.2",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T22:48:34.766Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Snapshot_Scheduler_CVE-2023-36627"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, 4.1.3 or later.\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "FlashBlade Snapshot Scheduler",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2023-36627",
"datePublished": "2023-10-02T22:47:12.443Z",
"dateReserved": "2023-06-25T15:05:39.900Z",
"dateUpdated": "2024-09-23T13:44:34.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31042 (GCVE-0-2023-31042)
Vulnerability from nvd – Published: 2023-10-02 22:39 – Updated: 2024-09-23 13:48
VLAI?
Title
FlashBlade Object Store Protocol
Summary
A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.
Severity ?
7.7 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pure Storage | FlashBlade Purity |
Affected:
3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T13:48:23.809519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T13:48:31.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Replication",
"Snapshot Availability"
],
"product": "FlashBlade Purity",
"vendor": "Pure Storage",
"versions": [
{
"status": "affected",
"version": "3.3.6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T22:39:02.597Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is resolved in FlashBlade Purity (OE) versions 3.3.7 or later, 4.0.5 or later, 4.1.2 or later.\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "FlashBlade Object Store Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2023-31042",
"datePublished": "2023-10-02T22:39:02.597Z",
"dateReserved": "2023-04-23T18:57:20.519Z",
"dateUpdated": "2024-09-23T13:48:31.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28372 (GCVE-0-2023-28372)
Vulnerability from nvd – Published: 2023-10-02 22:20 – Updated: 2024-09-20 14:50
VLAI?
Title
FlashBlade Object Store Privileged Access
Summary
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
Severity ?
6.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pure Storage | FlashBlade |
Affected:
4.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T14:50:35.903525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:50:53.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FlashBlade",
"vendor": "Pure Storage",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can affect the availability of the object lock.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object\u2019s retention period can affect the availability of the object lock.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T22:20:21.550Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is resolved starting in FlashBlade Purity (OE) version 4.1.1. or later.\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "FlashBlade Object Store Privileged Access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2023-28372",
"datePublished": "2023-10-02T22:20:21.550Z",
"dateReserved": "2023-03-15T04:06:47.634Z",
"dateUpdated": "2024-09-20T14:50:53.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7352 (GCVE-0-2017-7352)
Vulnerability from nvd – Published: 2017-10-11 06:00 – Updated: 2024-08-05 15:56
VLAI?
Summary
Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://arthrocyber.com/research#finding_3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-11T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://arthrocyber.com/research#finding_3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the \"host\" parameter on the \u0027System \u003e Configuration \u003e SNMP \u003e Add SNMP Trap Manager\u0027 screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://arthrocyber.com/research#finding_3",
"refsource": "MISC",
"url": "http://arthrocyber.com/research#finding_3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7352",
"datePublished": "2017-10-11T06:00:00",
"dateReserved": "2017-03-30T00:00:00",
"dateUpdated": "2024-08-05T15:56:36.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}