Skip to main content
ExLibris
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Ex Libris RefWorks integration with Shibboleth Security Vulnerability Updated - February 11, 2020

    Subject: Ex Libris RefWorks integration with Shibboleth Security Vulnerability Updated: February 11, 2020

    Overview

    Shibboleth is used to integrate institutional identity management systems with Ex Libris products. On February 6, 2020, a vulnerability was discovered in the Ex Libris RefWorks integration with Shibboleth. 

    The vulnerability, if exploited, could potentially have allowed an attacker to bypass the authentication mechanism and access user accounts. Following our analysis, there was no indication of exploit for this vulnerability. 

    To address this issue, Ex Libris implemented a security solution on February 7, 2020, that mitigated the identified vulnerability.

    Effective Security Severity Level:

    Critical

    Ex Libris implemented a security solution on February 7, 2020, that mitigated the identified vulnerability.

     

    Affected Systems:

    Ex Libris RefWorks integration with Shibboleth.

    Tests and Certifications:

    The fix for this vulnerability was developed, tested and certified for Ex Libris RefWorks product.

    Actions Taken:

    Ex Libris has deployed the fix to Ex Libris RefWorks product that addresses the vulnerability described in this advisory and no action is required by our cloud customers.

    Exploitation and Public Announcements

    The Ex Libris Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.