Pure Technical Services

Security Bulletins


Please see below for the most recent security bulletins. The comprehensive security advisories list is available in our CVE Database.

Legend for Rating/Score: 9.0 - 10.0 Critical || 7.0 - 8.9 High || 4.0 - 6.9 Medium || 0.1 - 3.9 Low

| CVE Reference & CVSS 3.1 Score/Vector | Description | Product |
| --- | --- | --- |
| CVE-2022-40982 - 6.5 Medium | Security Bulletin for Intel Downfall Vulnerability | No corrective action is required for any Pure Storage products. |
| CVE-2023-34362 - 9.8 Critical; CVE-2023-35036 - 9.1 Critical; CVE-2023-35708 - 9.8 Critical | Security Bulletin for MOVEit Transfer Vulnerabilities | No corrective action is required for any Pure Storage products. |
| CVE-2022-38023 - 8.1 Critical | Security Bulletin Microsoft Netlogon RPC Elevation of Privilege Vulnerability CVE-2022-38023 | FlashArray |
| CVE-2021-44228 - 9.6 Critical | Security Bulletin Log4j/Log4Shell CVE-2021-44228; What can we learn from the Log4j vulnerability CVE-2021-44228? | FlashArray, FlashBlade, CloudBlockStore, Portworx |
| CVE-2022-22965 - 9.8 Critical | Security Bulletin SpringShell or Spring4Shell CVE-2022-22965 | No corrective action is required for any Pure Storage Products. |
| CVE-2022-3786 - 7.5 High; CVE-2022-3602 - 7.5 High | Security Bulletin OpenSSL v3.0.x CVE-2022-3786, CVE-2022-3602 | No corrective action is required for any Pure Storage Products. |
| CVE-2022-37966 - 8.1 High | Security Bulletin Native SMB or Kerberos NFS fails to authenticate with Active Directory | Please see Microsoft's updated guidance posted 18-Nov-2022 - Sign in failures and other issues related to Kerberos authentication which details mitigation steps. |
| CVE-2022-42889 - 9.8 Critical; CVE-2022-33980 - 9.8 Critical | Security Bulletin Apache Commons Text and Apache Commons Configuration CVE-2022-42889, CVE-2022-33980 | No corrective action is required for any Pure Storage products. |
| CVE-2022-47939 - 9.8 Critical; ZDI-22-1690; ZDI-CAN-17816 | Security Bulletin Linux ksmbd vulnerability ZDI-22-1690, ZDI-CAN-17816 | No corrective action is required for any Pure Storage products. Pure does not include nor enable this service in any of our products. |
| CVE-2023-29059 - 7.8 High | Security Bulletin 3CX Voice Over IP Protocol (VOIP) Client Supply Chain Attack | No corrective action is required for any Pure Storage products. |