Skip to main content
Ex Libris Knowledge Center

Security Advisory - Vulnerability in digital file discovery - October 02, 2023


On September 13, 2023, a vulnerability was identified in the digital file discovery used by Primo and Alma Digital. An unauthenticated user was potentially able to manipulate the API requests and gain read only access to digital files hosted on Amazon. Ex Libris promptly deployed a fix and addressed the issue.

Effective Security Severity Level 


Affected Systems 

Ex Libris’ Primo and Alma Digital products

Tests and Certifications

The fix for this vulnerability has been developed, tested, installed on the Primo and Alma Digital products.

Action Taken by Ex Libris for Affected Systems 

• Ex Libris has deployed the fix to all environments

• No action is required by Primo and Alma Digital customers


Exploitation and Public Announcements 

The Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.



Record of Changes

Type of information Document Data

Document Title:

Security Advisory - Vulnerability in digital file discovery - October 02, 2023

Document Owner:

Eddie Lavian - Cyber Security Engineer

Approved by:

Christian Wagner - Chief Information Security Officer (CISO)


October 02, 2023

Reviewed & Revised:

October 02, 2023


Revision Control

Version Number Nature of Change Date Approved


Initial version

October 02, 2023

Document Distribution and Review

The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated regularly or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver