Pure Security
Quick Links: White Papers | Field Bulletins | CVE Database (login required) | Contact Us

Security Documentation

Our Security features are documented across various Product Documentation on our site. Here's a quick reference to our various Security sections.

Security Bulletin

Security Bulletin for Linux ksmbd Vulnerability ZDI-22-1690. Pure Storage products and services are not affected by the Linux ksmbd vulnerability.

Security Bulletin for CVE-2022-42889 (Apache Commons Text) and CVE-2022-33980 (Apache Commons Configuration). Pure Storage products are not affected by these two Apache Commons issues.

Security Bulletin: Native SMB or Kerberos NFS fails to authenticate with Active Directory. Updated Nov 19 2022. Please see Microsoft's updated guidance posted 18-Nov-2022, "Sign in failures and other issues related to Kerberos authentication", which details mitigation steps.

Security Bulletin: OpenSSL v3.0.x Bulletin (CVE-2022-3786, CVE-2022-3602). On October 25, 2022, the OpenSSL project announced that OpenSSL (v3.0.7) would be released to fix a serious security flaw. On November 1, 2022, the OpenSSL Project disclosed CVE-2022-3786 and CVE-2022-3602, potentially critical severity vulnerabilities present in OpenSSL 3.0.x. Pure's Product Security Incident Response Team (PSIRT) has been working with our various product engineering teams to determine whether Pure products are exposed to this issue (CVE-2022-3786 and CVE-2022-3602). Please see the following Interim Pure Storage Security Bulletin. This Interim Security Bulletin will continue to be updated as we identify any additional relevant information.

Security Advisories

Security Advisory: Pure response to "SpringShell" or "Spring4Shell". WAF rules mitigated against exploitation regarding the "Spring4Shell" Remote Code Execution Vulnerability (CVE-2022-22965).

Security Advisory: Pure response to Apache Log4j/Log4Shell. A self-service, online, non-disruptive patch to address the Log4j vulnerability (CVE-2021-44228) is now available.

What can we learn from the Log4j vulnerability? This informative guide provides insights on how to respond to significant industry-wide security vulnerabilities such as Log4j.

Security Advisory: Pure response to "Dirty Pipe". This advisory describes a Linux kernel privilege escalation vulnerability that allows a local user to gain super-user privileges. CVSS Base score 7.8 High (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (CVE-2022-0847)

Security Advisory: Critical Cumulative Security Bundle. A self-service, online, non-disruptive patch to address four distinct security concerns is NOW AVAILABLE. The issues affect only FlashArray and FlashBlade products; no other Pure Storage products or services are affected. The security bundle patch can be delivered via Pure1 for certain versions. See the Security Bulletin and FAQ regarding this cumulative Security Bundle release.