FlashBlade Snapshot Scheduler
CVE-2023-36627

7.7HIGH

Key Information:

Vendor: Pure Storage
Status: Flashblade Purity
Vendor: CVE Published:; 2 October 2023

🔔 Create Pure Storage Vulnerability Alert

What is CVE-2023-36627?

A security flaw in FlashBlade Purity allows an administrative user to manipulate timezone settings, effectively disrupting the functionality of scheduled snapshots. When an administrator configures the timezone on a FlashBlade system, it can lead to snapshots failing to execute as expected, creating potential data integrity issues.

Affected Version(s)

FlashBlade Purity 0 <= 3.3.7

FlashBlade Purity 4.0.0 <= 4.0.5

FlashBlade Purity 4.1.0 <= 4.1.2

References

https://support.purestorage.com/Pure_Storage_Technical_Se...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2023
Vulnerability Reserved
Jun 25, 2023