Security Advisory- Local Customers – Update June 1, 2017
Misuse of SEND TO email function –Update May 18, 2017
Overview
Ex Libris considers security and privacy to be the highest of priorities, and continues to analyze the issues regarding the misuse of the SEND TO email function.
A solution for Cloud users was put in place in May 2017.
On Monday, June 5, 2017, Ex Libris will provide a solution for local, on-premise customers. A more comprehensive solution will be available as part of the Primo August release.
A user could manually send mail to multiple recipients that could cause a load on the Primo mail server.
On May 18, Ex Libris implemented a solution for our Cloud services using multiple layers of security to protect the send mail function to multiple recipients.
Current Status: Information for On-Premise Customers – Update June 1, 2017
Effective Security Severity Level:
Medium
Affected Systems:
Primo
Tests and Certifications:
The mitigation for this issue has been identified.
Actions Taken for Hosted Systems:
Ex Libris implemented a security solution on May 18, 2017
Required Actions for On-Premise Systems:
On-premise customers should follow the instructions published by Ex Libris on Friday, May 26, 2017. We are looking into additional mitigations for our on-premise customers and will provide another update on Monday, June 5, 2017. A more comprehensive solution will be available as part of the Primo August release