NEC · iSM client · CVE-2020-5684
**Name of the Vulnerable Software and Affected Versions**
iSM client versions from V5.1 prior to V12.1
**Description**
The issue allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate, as the iSM client does not verify a server certificate properly when running on NEC Storage Manager or NEC Storage Manager Express.
**Recommendations**
For iSM client versions from V5.1 prior to V12.1, update to version V12.1 or later to resolve the issue. As a temporary workaround, consider restricting communication to trusted servers and verifying server certificates manually until a patch is available.
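One way to carry out the manual certificate check from the workaround is sketched below. It is an added example, not NEC code or part of the original advisory: it compares the certificate a server presents against a SHA-256 fingerprint recorded out-of-band on that server. It assumes the connection is TLS; the host name, port and fingerprint in `PINS` are constructed placeholders.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed placeholder: (host, port) -> SHA-256 fingerprint recorded out-of-band.
PINS = {("ism-server.example", 8443): "00" * 32}  # host and port are assumptions


def normalize(fp: str) -> str:
    """Accept 'AA:BB:...' or plain hex and return 64 lowercase hex digits."""
    cleaned = fp.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or set(cleaned) - set("0123456789abcdef"):
        raise ValueError("not a SHA-256 fingerprint: %r" % fp)
    return cleaned


def fingerprint_matches(der_cert: bytes, pinned: str) -> bool:
    """True only if the presented certificate is byte-for-byte the pinned one."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, normalize(pinned))


def fetch_server_cert(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Read the certificate the server presents; trust is decided by the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE  # handshake only; no application data is sent
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    if not der:
        raise ssl.SSLError("server presented no certificate")
    return der


def audit(pins, fetch=fetch_server_cert):
    """Return {(host, port): 'match' | 'MISMATCH' | 'unreachable'}."""
    results = {}
    for (host, port), pinned in pins.items():
        try:
            ok = fingerprint_matches(fetch(host, port), pinned)
            results[(host, port)] = "match" if ok else "MISMATCH"
        except OSError:  # covers refused connections, timeouts and TLS errors
            results[(host, port)] = "unreachable"
    return results
```

Call `audit(PINS)` from the machine that runs the iSM client and treat any result other than `match` as a reason not to connect. This is a spot check on a separate connection and does not replace the update to V12.1.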