CVE-2023-31042

A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlades object store protocol can impact the availability of the systems data access and replication protocols.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
PureStorageCNA
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
purestoragepurity
𝑥
≤ 3.3.6
purestoragepurity
4.0.0 ≤
𝑥
≤ 4.0.4
purestoragepurity
4.1.0 ≤
𝑥
≤ 4.1.1
𝑥
= Vulnerable software versions
References
https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042
https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042