PT-2020-18644 · NEC · iSM Client

Masaaki Kobayashi · Published 2020-12-24 · Updated 2020-12-28 · CVE-2020-5684

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

iSM client versions from V5.1 prior to V12.1

Description

The issue allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate, as the iSM client does not verify a server certificate properly when running on NEC Storage Manager or NEC Storage Manager Express.

Recommendations

For iSM client versions from V5.1 prior to V12.1, update to version V12.1 or later to resolve the issue. As a temporary workaround, consider restricting communication to trusted servers and verifying server certificates manually until a patch is available.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2020-5684

Affected Products

iSM Client