Skip to main content
ExLibris

Knowledge Assistant

BETA
 
Cross-Product

 

Ex Libris Knowledge Center
  1. Search site
    Go back to previous article
    2. Sign in
      • Sign in
      • Forgot password
  1. Home
  2. Cross-Product
  3. Security
  4. Advisories
  5. Security Advisory - Ex Libris campusM Cloud Log Security Vulnerability Updated – July 29, 2020

Security Advisory - Ex Libris campusM Cloud Log Security Vulnerability Updated – July 29, 2020

  1. Last updated
  2. Save as PDF
  3. Share
    1. Share
    2. Tweet
    3. Share
  1. Overview
  2. Effective Security Severity Level
  3. Affected Systems
  4. Tests and Certifications
  5. Action Taken by Ex Libris for Cloud Systems

Overview

On July 28, 2020, a vulnerability was discovered in the Ex Libris campusM error log file. The vulnerability applied only to customers using the Connect Layer with an LDAP authentication process and only when a user login process failed.

The vulnerability could potentially allow Ex Libris authorized staff to view the user details of the failed login attempt, as displayed in the system error log. The error logs are not available to any outside access. Additionally, error logs are kept for 7 days only and deleted automatically.

Effective Security Severity Level

High

Ex Libris implemented a fix on July 28, 2020 that mitigated the identified vulnerability.

Affected Systems

Ex Libris campusM product

Tests and Certifications

The fix for this vulnerability has been developed, tested and certified for Ex Libris products.

Action Taken by Ex Libris for Cloud Systems

  • Ex Libris has already deployed the fix to all cloud environments

  • No action is required by campusM customers

 

Exploitation and Public Announcements

The Ex Libris Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

 

Record of Changes

Type of information Document Data

Document Title:

Security Advisory – Ex Libris campusM Cloud Log Security Vulnerability Updated - July 29, 2020

Document Owner:

Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)

Approved by:

Barak Rozenblat – VP Cloud Services

Issued:

July 29, 2020

Reviewed & Revised:

July 29, 2020

 

Revision Control

Version Number Nature of Change Date Approved

1.0

Initial version

July 29, 2020

Document Distribution and Review

The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated regularly or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver

View article in the Exlibris Knowledge Center
  1. Back to top
    • Security Advisory - Alma “Forgot My Password” Vulnerability Identified and Corrected – March 29, 2021
    • Security Advisory - Ex Libris Primo VE Log-in Security Vulnerability - September 05, 2021
  • Was this article helpful?

Recommended articles

  1. Content Type
    Documentation
  2. Tags
    This page has no tags.
  1. © Copyright 2025 Ex Libris Knowledge Center
  2. Powered by CXone Expert ®
  • Term of Use
  • Privacy Policy
  • Contact Us
2025 Ex Libris. All rights reserved