
    Security vulnerability issues – Basic troubleshooter

    • Product: Cross-Product

    Description

    The troubleshooting steps below are relevant if you encountered a security vulnerability by running a proactive scan on your ExLibris applications, or if you learned of a new vulnerability through a different channel.
    Vulnerabilities are security risks which may affect 3rd-party products used by ExLibris applications.
    Most vulnerabilities are marked with a CVE ID (for example, CVE-2015-3456). For information regarding a specific vulnerability, we recommend checking specialized sites such as https://nvd.nist.gov/.

    Resolution

    In general, we recommend always upgrading 3rd-party products to the latest supported versions in order to make sure you are not vulnerable. This can be done using the util sp method (see this knowledge article for explanations on using util sp for upgrading 3rd-party products).

    What to do when encountering a possible security vulnerability in an ExLibris product:
    1. Check the Announcements section of the ExLibris Security Zone for announcements of new known vulnerability policies.
    2. If the vulnerability is not mentioned in the Security Zone, it might already be resolved in a supported version of the relevant 3rd-party program.
      1. Find the vulnerability CVE ID in a specialized site, such as https://nvd.nist.gov/, and check in which version the vulnerability was resolved.
      2. Check the ExLibris Certified Third-Party Software and Security Patch Release Notes:
        1. If the version of the fix is supported by ExLibris – update the 3rd-party products using the util sp method; this should resolve the vulnerability issues (see this knowledge article for explanations on using util sp for upgrading 3rd-party products).
        2. If the version of the fix is not yet supported by ExLibris or util sp is not executable, and the vulnerability is not addressed in the ExLibris Security Zone (step #1), please contact support via CRM, setting the category to "security and privacy" and the relevant sub-category, and including the vulnerability CVE ID. The support analyst handling the case will forward your report to the ExLibris security officer for analysis. Please do not share this kind of information in mailing lists, forums or over the internet. Instead, please contact Ex Libris Support as described above so that the Ex Libris vulnerability analysis and escalation processes can be initiated. (For more information, please see the ExLibris vulnerability analysis policy.)
    3. For any security or privacy issue, concern or question, please contact support via CRM, setting the category to "security and privacy" and the relevant sub-category. The support analyst handling the case will forward your report to the ExLibris security or privacy officer for analysis. Please do not share this kind of information in mailing lists, forums or over the internet. Instead, please contact Ex Libris Support as described above so that the Ex Libris vulnerability analysis and escalation processes can be initiated.

    

    Additional Information

    More information on known vulnerabilities can be found at organizations such as the National Vulnerability Database: https://nvd.nist.gov/.

    • ExLibris Security Zone
    • ExLibris Certified Third-Party Software and Security Patch Release Notes
    • ExLibris New Third Party Software Evaluation and Plan
    • ExLibris security patches policy 

    • Article last edited: 17-March-2016

     

    1. © Copyright 2025 Ex Libris Knowledge Center