Skip to main content
Contact Us
Register
Pure Technical Services

Security Bulletin for FlashArray SafeMode Immutable Vulnerability CVE-2023-28373

  1. Last updated
  2. Save as PDF

Currently viewing public documentation. Please login to access the full scope of documentation.

author_pureicon.png

Summary 

A flaw exists whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.  

Base CVSS 3.1 Score Severity  Vector 
4.4 Medium CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Corrective ActionEdit section

  • This issue is present in FlashArray Purity (OE) versions 6.1.22 and prior, 6.2.15 and prior, 6.3.6 and prior, 6.4.0 and prior
  • This issue is first resolved in  FlashArray Purity (OE) versions 6.1.23 or later, 6.2.16 or later, 6.3.7, or later and 6.4.1 or later

Acknowledgements/ References

  • Pure Storage thanks the Mountain America Credit Union (MACU) team for reporting this issue.