CVE-2024-5445

Name of the Vulnerable Software and Affected Versions: Ecosystem Agent versions 4.0 through 4.1.5.2597 Ecosystem Agent versions 5.0 through 5.1.4.2473

Description: The issue is related to the improper validation of SSL/TLS certificates. This could allow a malicious actor to perform a Man-in-the-Middle attack and intercept traffic between the agent and N-able servers from a privileged network position.

Recommendations: For Ecosystem Agent versions 4.0 through 4.1.5.2597, update to version 4.1.5.2597 or later to resolve the issue. For Ecosystem Agent versions 5.0 through 5.1.4.2473, update to version 5.1.4.2473 or later to resolve the issue.