Skip to main content
Pure Technical Services

Pure Security

Currently viewing public documentation. Please login to access the full scope of documentation.

Pure Security
Here at Pure Storage, we are driven by storage and our passion for security. Learn more about how our security DNA gives you peace of mind over your data security program.
White Papers Field Bulletins CVE Database (login required) Contact Us

Security Documentation 

Our Security features are documented across various Product Documentation on our site. Here's a quick reference to our various Security sections.

FlashArray Security Documentation

Additional Reference:

FlashBlade Security Documentation

Customers should feel comfortable that their data is stored safely. Here is some documentation on FlashBlade Security.

All blades that are returned to Pure undergo a stress test which erases and overwrites the data in every block within the NAND. Any blade that does not pass the stress test (broken, too worn, etc) is destroyed. We also offer a non-return option. This is more expensive to the customer as Pure does not get the blade returned. The support process for determining broken parts is the same except the customer would be responsible for the destruction of the non-returned part.

Additional Reference:

Pure1 Security Documentation
Enterprise Security Documentation

Security Advisories

Security Advisory: Pure response to "SpingShell" or "Spring4Shell"

WAF rules mitigated against exploitation regarding the "Spring4Shell" Remote Code Execution Vulnerability (CVE-2022-22965).

Security Advisory: Pure response to Apache Log4j/Log4Shell

A self-service, online, non-disruptive patch to address the Log4j vulnerability (CVE-2021-44228) is now available.

What can we learn from the Log4j vulnerability?

This informative guide provides insights on how to respond to significant industry wide security vulnerabilities such as Log4j.


Security Advisory: Pure response to "Dirty Pipe"

This advisory describes a Linux kernel privilege escalation vulnerability that allows a local user to gain super-user privileges. CVSS Base score 7.8 High (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).  (CVE-2022-0847)

Security Advisory: Critical Cumulative Security Bundle 

A self-service, online, non-disruptive patch to address four distinct security concerns is NOW AVAILABLE. The issues affect only FlashArray and FlashBlade products; no other Pure Storage products or services are affected.  The security bundle  patch can be delivered via Pure1 for certain versions. Click here for the Security Bulletin and FAQ regarding this cumulative Security Bundle release.