Security Advisory - Vulnerability in digital file discovery - October 02, 2023
Overview
On September 13, 2023, a vulnerability was identified in the digital file discovery used by Primo and Alma Digital. An unauthenticated user was potentially able to manipulate the API requests and gain read only access to digital files hosted on Amazon. Ex Libris promptly deployed a fix and addressed the issue.
Effective Security Severity Level
High
Affected Systems
Ex Libris’ Primo and Alma Digital products
Tests and Certifications
The fix for this vulnerability has been developed, tested, installed on the Primo and Alma Digital products.
Action Taken by Ex Libris for Affected Systems
• Ex Libris has deployed the fix to all environments
• No action is required by Primo and Alma Digital customers
Exploitation and Public Announcements
The Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Record of Changes
| Type of information | Document Data |
|
Document Title: |
Security Advisory - Vulnerability in digital file discovery - October 02, 2023 |
|
Document Owner: |
Eddie Lavian - Cyber Security Engineer |
|
Approved by: |
Christian Wagner - Chief Information Security Officer (CISO) |
|
Issued: |
October 02, 2023 |
|
Reviewed & Revised: |
October 02, 2023 |
Revision Control
| Version Number | Nature of Change | Date Approved |
|
1.0 |
Initial version |
October 02, 2023 |
Document Distribution and Review
The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated regularly or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver