Security Advisory - Ex Libris campusM Cloud Log Security Vulnerability Updated – July 29, 2020

Overview

On July 28, 2020, a vulnerability was discovered in the Ex Libris campusM error log file. The vulnerability applied only to customers using the Connect Layer with an LDAP authentication process and only when a user login process failed.

The vulnerability could potentially allow Ex Libris authorized staff to view the user details of the failed login attempt, as displayed in the system error log. The error logs are not available to any outside access. Additionally, error logs are kept for 7 days only and deleted automatically.

Effective Security Severity Level

High

Ex Libris implemented a fix on July 28, 2020 that mitigated the identified vulnerability.

Affected Systems

Ex Libris campusM product

Tests and Certifications

The fix for this vulnerability has been developed, tested and certified for Ex Libris products.

Action Taken by Ex Libris for Cloud Systems

• Ex Libris has already deployed the fix to all cloud environments

• No action is required by campusM customers

Exploitation and Public Announcements

The Ex Libris Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Record of Changes

Revision Control

Document Distribution and Review

The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated regularly or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver