Skip to main content
Ex Libris Knowledge Center

Security Advisory - Ex Libris Primo VE Log-in Security Vulnerability - September 05, 2021


A vulnerability in Ex Libris’ Primo VE has come to Ex Libris’ attention and has been eliminated. The vulnerability affected the login flow only for customers using the Consortia setup. Until the vulnerability was eliminated, a motivated user holding certain additional identifying information of other users within the same consortium could have exploited it to view certain contact information of, and list of books borrowed by, such other users.

Effective Security Severity Level 


Affected Systems

Ex Libris’ Primo VE

Tests and Certifications

The fix for this vulnerability has been developed, tested, installed and certified for the Ex Libris Primo VE product.

Action Taken by Ex Libris for Cloud Systems

• Ex Libris has deployed the fix to all cloud environments

• No action is required by Primo VE customers


Exploitation and Public Announcements 

The Ex Libris Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.


Record of Changes

Type of information Document Data

Document Title:

Security Advisory – Ex Libris Primo VE Log-in Security Vulnerability - September 05, 2021

Document Owner:

Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)

Approved by:

Barak Rozenblat – VP Cloud Services


September 05, 2021

Reviewed & Revised:

September 05, 2021


Revision Control

Version Number Nature of Change Date Approved


Initial version

September 05, 2021

Document Distribution and Review

The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated regularly or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.