CVE-2023-36628: Security Bulletin for Privilege Escalation in VASA CVE-2023-36628

**Summary**

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.

Pure Storage has reserved CVE-2023-36628 in response to this issue.

| Base CVSS 3.1 Score | Severity | Vector |
| --- | --- | --- |
| 8.8 | High | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

**Corrective Action**

  • This issue is present in FlashArray Purity (OE) versions 6.1.x, 6.2.x, 6.3.0 - 6.3.11, 6.4.0 - 6.4.5.

  • This issue is resolved in FlashArray Purity (OE) versions 6.3.12, 6.4.6.
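
The version ranges above can be checked against an inventory. The following is an added example, not code from Pure Storage or from this bulletin. It assumes versions are reported as `major.minor.patch` strings, and the array names in the sample are constructed.

```python
import re

# Affected ranges transcribed from the Corrective Action list above.
# (major, minor) -> highest affected patch level; None means the whole x line.
AFFECTED = {(6, 1): None, (6, 2): None, (6, 3): 11, (6, 4): 5}
RESOLVED_IN = ("6.3.12", "6.4.6")  # releases the bulletin names as resolved


def parse_version(text):
    """Parse 'major.minor.patch' into a tuple of ints (assumed string format)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(version):
    """Return 'affected', 'resolved' or 'not listed' for one Purity version."""
    major, minor, patch = parse_version(version)
    if (major, minor) not in AFFECTED:
        return "not listed"  # the bulletin makes no statement about this line
    last_bad = AFFECTED[(major, minor)]
    # Integer comparison: as strings, "6.3.9" would sort after "6.3.11".
    if last_bad is None or patch <= last_bad:
        return "affected"
    # Assumption: patches after the named fixed release keep the fix.
    return "resolved"


def triage(inventory):
    """Map {array name: version} to a sorted list of (name, version, status)."""
    rows = []
    for name, version in sorted(inventory.items()):
        try:
            status = classify(version)
        except ValueError:
            status = "unparseable"
        rows.append((name, version, status))
    return rows


if __name__ == "__main__":
    # Constructed inventory; array names and versions are illustrative only.
    sample = {"array-a": "6.3.9", "array-b": "6.3.12", "array-c": "6.4.5",
              "array-d": "6.2.7", "array-e": "6.5.0", "array-f": "unknown"}
    for name, version, status in triage(sample):
        print(f"{name:8} {version:8} {status}")
    print("Upgrade targets named by the bulletin:", ", ".join(RESOLVED_IN))
```

Versions reported as "not listed" fall outside the ranges the bulletin names and need to be checked against the vendor's own guidance.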

**Acknowledgements/References**

  • N/A
