
    Security Advisory - Misuse of SEND TO Email Function – Update May 18, 2017 and Update June 7, 2017

    Subject: Misuse of SEND TO Email Function – Update May 18, 2017


    Ex Libris considers security and privacy the highest priorities and continues to analyze the issues regarding the misuse of the SEND TO email function. 
    A solution for Cloud users was put in place in May 2017.

    A user could manually send mail to multiple recipients, which could place a load on the Primo mail server.

    On May 18, Ex Libris implemented a solution for our Cloud services that uses multiple layers of security to protect the function for sending mail to multiple recipients.

    Current Status:  Information for On-Premise Customers – Update June 7, 2017
    Affected Systems:


    Effective Security Severity Level:



    Tests and Certifications:

    The mitigation for this issue has been identified.

    Actions Taken for Hosted Systems:

    Ex Libris implemented a security solution on May 18, 2017.

    Required Actions for On-Premise Systems:   

    Ex Libris strongly recommends that you disable the email functionality by changing the SMTP_HOST parameter under General Configuration: E-mail and SMS Configuration to a fake value (for example, NOT_REAL_SMTP).

    In 2 weeks, a permanent fix will be available that restricts email functionality to authenticated users only.

    Record of Changes

    Type of information Document Data

    Document Title: Security Advisory - Misuse of SEND TO Email Function

    Document Owner: Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)

    Approved by: Barak Rozenblat – VP Cloud Services

    Feb 16, 2014

    Reviewed & Revised: Jun 7, 2017


    Revision Control

    Version Number Nature of Change Date Approved


    Initial version

    Feb 16, 2014



    Oct 20, 2016



    Jun 07, 2017

    Document Distribution and Review

    The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated annually or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.