Skip to main content
Pure Technical Services

Security Bulletin for FlashBlade Snapshot Scheduler CVE-2023-36627

Currently viewing public documentation. Please login to access the full scope of documentation.


A flaw exists whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.   

Base CVSS 3.1 Score Severity  Vector 
7.7 High  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Corrective ActionEdit section

  • This issue is present in FlashBlade Purity (OE) versions <3.3.7, 4.0.0-4.0.5, 4.1.0-4.1.2.
  • This issue is first resolved in FlashBlade Purity (OE) versions 3.3.8 or later, 4.0.6 or later, and 4.1.3 or later.

Acknowledgements/ References

  • N/A