CVE-2023-31042

EUVD-2023-35379
A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
PureStorageCNA
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
purestoragepurity
𝑥
≤ 3.3.6
purestoragepurity
4.0.0 ≤
𝑥
≤ 4.0.4
purestoragepurity
4.1.0 ≤
𝑥
≤ 4.1.1
𝑥
= Vulnerable software versions
References
https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042
https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042