    Security Advisory- Misuse of SEND TO email function –Update May 18, 2017 and Update June 7, 2017

    Subject: Misuse of SEND TO Email Function – Update May 18, 2017

    Overview

    Ex Libris considers security and privacy the highest priorities and continues to analyze the issues regarding the misuse of the SEND TO email function. 
    A solution for Cloud users was put in place in May 2017.

    A user could manually send mail to multiple recipients, which could place a load on the Primo mail server.

    On May 18, Ex Libris implemented a solution for our Cloud services that uses multiple layers of security to protect the function for sending mail to multiple recipients.


    Current Status:  Information for On-Premise Customers – Update June 7, 2017
    Affected Systems:

    Primo

    Effective Security Severity Level:

    Medium

    Tests and Certifications:

    The mitigation for this issue has been identified.

    Actions Taken for Hosted Systems:

    Ex Libris implemented a security solution on May 18, 2017.

    Required Actions for On-Premise Systems:   

    Ex Libris strongly recommends that you disable the email functionality by changing the SMTP_HOST parameter, under General Configuration: E-mail and SMS Configuration, to a fake value (for example NOT_REAL_SMTP).

    In 2 weeks, a permanent fix will be available that will restrict email functionality only to authenticated users.
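
One way to confirm that the workaround took effect, as an added example that is not Ex Libris code. It assumes the Primo server resolves SMTP_HOST through the operating system resolver and sends on port 25; the function name and the constructed resolver and connect stand-ins are illustrative. A single-label placeholder such as NOT_REAL_SMTP can still resolve through a DNS search suffix that has a wildcard record, so the check covers both resolution and the listener.

```python
import socket

# Assumption: Primo resolves SMTP_HOST via the OS resolver and uses port 25.
def smtp_host_status(host, resolve=socket.getaddrinfo,
                     connect=socket.create_connection, port=25, timeout=3.0):
    """Return (state, addresses) for a configured SMTP_HOST value.

    'unresolvable'     - name does not resolve: outbound mail is disabled
    'resolves-no-smtp' - name resolves but nothing accepts on the SMTP port
    'reachable'        - a listener answers: mail can still be sent
    """
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except (socket.gaierror, UnicodeError):
        return "unresolvable", []
    addrs = sorted({info[4][0] for info in infos})
    for addr in addrs:
        try:
            conn = connect((addr, port), timeout=timeout)
        except OSError:
            continue  # closed or filtered: try the next address
        conn.close()
        return "reachable", addrs
    return "resolves-no-smtp", addrs

# Constructed stand-ins for the resolver and the TCP connect, so the three
# outcomes can be shown offline. 192.0.2.10 is a documentation address.
def fake_nxdomain(host, port, type=0):
    raise socket.gaierror(socket.EAI_NONAME, "constructed: unknown name")

def fake_wildcard(host, port, type=0):
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", port))]

def fake_refused(address, timeout=None):
    raise ConnectionRefusedError("constructed: port closed")

class FakeConn:
    def close(self):
        pass

def fake_listener(address, timeout=None):
    return FakeConn()

def demo(host="NOT_REAL_SMTP"):
    return {
        "nxdomain": smtp_host_status(host, fake_nxdomain, fake_refused),
        "wildcard, port closed": smtp_host_status(host, fake_wildcard, fake_refused),
        "wildcard, listener": smtp_host_status(host, fake_wildcard, fake_listener),
    }
```

On the Primo server itself, calling `smtp_host_status("NOT_REAL_SMTP")` with the default resolver and connect should return `("unresolvable", [])`; any other state means the placeholder still leads somewhere.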

    Record of Changes

    Type of information | Document Data
    Document Title: | Security Advisory- Misuse of SEND TO Email Function
    Document Owner: | Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)
    Approved by: | Barak Rozenblat – VP Cloud Services
    Issued: | Feb 16, 2014
    Reviewed & Revised: | Jun 7, 2017


    Revision Control

    Version Number | Nature of Change | Date Approved
    1.0 | Initial version | Feb 16, 2014
    1.1 | Update | Oct 20, 2016
    1.2 | Update | Jun 07, 2017

    Document Distribution and Review

    The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated annually or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.
