Security Bulletin for FlashArray SafeMode Immutable Vulnerability CVE-2023-28373
Summary
A flaw exists whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
Base CVSS 3.1 Score | Severity | Vector |
---|---|---|
4.4 | Medium | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
Corrective Action
- This issue is present in FlashArray Purity (OE) versions 6.1.22 and prior, 6.2.15 and prior, 6.3.6 and prior, 6.4.0 and prior
- This issue is first resolved in FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7, or later and 6.4.1 or later
Acknowledgements/ References
- Pure Storage thanks the Mountain America Credit Union (MACU) team for reporting this issue.