6 results (0.008 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. Existe una falla en VASA que permite a los usuarios con acceso a un administrador de VMware vSphere/ESXi en un FlashArray obtener acceso al root a través de una escalada de privilegios. • https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_Privilege_Escalation_in_VASA_CVE-2023-36628 • CWE-269: Improper Privilege Management •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. Existe una falla en FlashArray Purity en la que, en circunstancias limitadas, un administrador de matriz puede alterar el bloqueo de retención de un pgroup y deshabilitar la protección SafeMode de pgroup. • https://https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_-_FlashArray_pgroup_Retention_Lock_SafeMode_Protection_CVE-2023-32572 • CWE-284: Improper Access Control •

CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. Existe una falla en FlashArray Purity por la cual un administrador de matriz, al configurar un administrador de claves externo, puede afectar la disponibilidad de los datos en el sistema, incluidas las instantáneas protegidas por SafeMode. • https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373 •

CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. Los productos Pure Storage FlashArray que ejecutan Purity//FA versiones 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x y versiones anteriores de Purity//FA, y los productos Pure Storage FlashBlade que ejecutan Purity//FB versiones 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x y versiones anteriores de Purity//FB son vulnerables a las credenciales posiblemente expuestas para acceder a la interfaz de gestión del producto. • https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04 •

CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. Los productos Pure Storage FlashArray que ejecutan Purity//FA versiones 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x y versiones anteriores de Purity//FA, y los productos Pure Storage FlashBlade que ejecutan Purity//FB versiones 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3. 0.x y versiones anteriores de Purity//FB son vulnerables a una escalada de privilegios por medio de la manipulación de variables de entorno de Python que puede ser explotada por un usuario conectado para escapar de un shell restringido a un shell no restringido con privilegios de root. Ningún otro producto o servicio de Pure Storage está afectado. • https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04 •