Security Advisory - Ex Libris Primo VE Log-in Security Vulnerability - September 05, 2021
Overview
A vulnerability in Ex Libris’ Primo VE has come to Ex Libris’ attention and has been eliminated. The vulnerability affected the login flow only for customers using the Consortia setup. Until the vulnerability was eliminated, a motivated user holding certain additional identifying information of other users within the same consortium could have exploited it to view certain contact information of, and list of books borrowed by, such other users.
Effective Security Severity Level
High
Affected Systems
Ex Libris’ Primo VE
Tests and Certifications
The fix for this vulnerability has been developed, tested, installed and certified for the Ex Libris Primo VE product.
Action Taken by Ex Libris for Cloud Systems
• Ex Libris has deployed the fix to all cloud environments
• No action is required by Primo VE customers
Exploitation and Public Announcements
The Ex Libris Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Record of Changes
| Type of information | Document Data |
|
Document Title: |
Security Advisory – Ex Libris Primo VE Log-in Security Vulnerability - September 05, 2021 |
|
Document Owner: |
Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO) |
|
Approved by: |
Barak Rozenblat – VP Cloud Services |
|
Issued: |
September 05, 2021 |
|
Reviewed & Revised: |
September 05, 2021 |
Revision Control
| Version Number | Nature of Change | Date Approved |
|
1.0 |
Initial version |
September 05, 2021 |
Document Distribution and Review
The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated regularly or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.