Skip to main content
Pure Technical Services

Security Bulletin for FlashArray SafeMode Immutable Vulnerability CVE-2023-28373

Currently viewing public documentation. Please login to access the full scope of documentation.



A flaw exists whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.  

Base CVSS 3.1 Score Severity  Vector 
4.4 Medium CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Corrective ActionEdit section

  • This issue is present in FlashArray Purity (OE) versions 6.1.22 and prior, 6.2.15 and prior, 6.3.6 and prior, 6.4.0 and prior
  • This issue is first resolved in  FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7, or later and 6.4.1 or later

Acknowledgements/ References

  • Pure Storage thanks the Mountain America Credit Union (MACU) team for reporting this issue.