Skip to main content
ExLibris

Knowledge Assistant

BETA
  • Subscribe by RSS
    • Back
    Cross-Product

     

    Ex Libris Knowledge Center
    1. Search site
      Go back to previous article
      2. Sign in
        • Sign in
        • Forgot password
    1. Home
    2. Cross-Product
    3. Security
    4. Advisories
    5. Ex Libris RefWorks integration with Shibboleth Security Vulnerability Updated - February 11, 2020

    Ex Libris RefWorks integration with Shibboleth Security Vulnerability Updated - February 11, 2020

    1. Last updated
    2. Save as PDF
    3. Share
      1. Share
      2. Tweet
      3. Share
    1. Overview
    2. Effective Security Severity Level
    3. Affected Systems
    4. Tests and Certifications
    5. Actions Taken

    Overview

    Shibboleth is used to integrate institutional identity management systems with Ex Libris products. On February 6, 2020, a vulnerability was discovered in the Ex Libris RefWorks integration with Shibboleth. 

    The vulnerability, if exploited, could potentially have allowed an attacker to bypass the authentication mechanism and access user accounts. Following our analysis, there was no indication of exploit for this vulnerability. 

    To address this issue, Ex Libris implemented a security solution on February 7, 2020, that mitigated the identified vulnerability.

    Effective Security Severity Level

    Critical

    Ex Libris implemented a security solution on February 7, 2020, that mitigated the identified vulnerability.

    Affected Systems

    Ex Libris RefWorks integration with Shibboleth.

    Tests and Certifications

    The fix for this vulnerability was developed, tested and certified for Ex Libris RefWorks product.

    Actions Taken

    Ex Libris has deployed the fix to Ex Libris RefWorks product that addresses the vulnerability described in this advisory and no action is required by our cloud customers.

     

    Exploitation and Public Announcements 

    The Ex Libris Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

     

    Record of Changes

    Type of information Document Data

    Document Title:

    Security Advisory – Ex Libris RefWorks integration with Shibboleth Security Vulnerability Updated: February 11, 2020

    Document Owner:

    Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)

    Approved by:

    Barak Rozenblat – VP Cloud Services

    Issued:

    Feb 11, 2020

    Reviewed & Revised:

    Feb 11, 2020

     

    Revision Control

    Version Number Nature of Change Date Approved

    1.0

    Initial version

    Feb 11, 2020

    Document Distribution and Review

    The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated annually or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver

    View article in the Exlibris Knowledge Center
    1. Back to top
      • Security Advisory - Ex Libris campusM Integration with Ex Libris Alma-Primo Security Vulnerability Updated – March 9, 2020
      • Security Advisory – Google Chrome Browser Version 80 Updates and Ex Libris Products and Services - February 13, 2020
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Content Type
      Documentation
      Language
      English
    2. Tags
      This page has no tags.
    1. © Copyright 2024 Ex Libris Knowledge Center
    2. Powered by CXone Expert ®
    • Term of Use
    • Privacy Policy
    • Contact Us
    2024 Ex Libris. All rights reserved