Purestorage: >> Purity Security Vulnerabilities
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
CVSS Score
6.5
EPSS Score
0.005
Published
2023-10-02
A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.
CVSS Score
7.7
EPSS Score
0.005
Published
2023-10-02
A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
CVSS Score
7.7
EPSS Score
0.005
Published
2023-10-02
Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen.
CVSS Score
5.4
EPSS Score
0.006
Published
2017-10-11