Skip to main content
ExLibris
Ex Libris Knowledge Center

Security Advisory – SUNBURST - SolarWinds Orion vulnerability – Updated December 21, 2020

Overview

On December 13, 2020, the Cybersecurity & Infrastructure Agency (CISA) released Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise. SolarWinds was the victim of a cyberattack that inserted a vulnerability into its Orion Software which, if present, could potentially allow an attacker to compromise the server on which the Orion products run.

Sometime in early 2020, a breach of the supply-chain side of the SolarWinds® Orion® IT Monitoring Platform resulted in the introduction of malicious code. Per SolarWinds®, this code has been identified as present in several Orion® builds, starting with version 2019.4 HF5 through 2020.2 HF1, released between March 2020 and June 2020.

SolarWinds Orion is used mainly by IT professionals to monitor networks.

EX LIBRIS CLOUD SERVICES DOES NOT USE SOLARWINDS ORION PRODUCTS.

Effective Security Severity Level

Critical

Affected Systems

No Ex Libris Cloud solutions or SaaS infrastructure utilizes SOLARWINDS Orion.

Actions Taken for Hosted Systems: None.

EX LIBRIS CLOUD SERVICES DOES NOT USE SOLARWINDS ORION PRODUCTS.

Required Actions for On-Premises and Local Systems:

If you use SloarWinds Orion in your environment, Ex Libris recommends following SolarWinds’ instructions found on their site:  https://www.solarwinds.com/securityadvisory.

Exploitation and Public Announcements

The Ex Libris Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

 

Record of Changes

Type of information Document Data

Document Title:

Security Advisory – SUNBURST - SolarWinds Orion vulnerability – Updated December 21, 2020

Document Owner:

Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)

Approved by:

Barak Rozenblat – VP Cloud Services

Issued:

Dec 21, 2020

Reviewed & Revised:

Dec 21, 2020

 

Revision Control

Version Number Nature of Change Date Approved

1.0

Initial version

Dec 21, 2020

Document Distribution and Review

The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated regularly or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver