CVE-2014-3719

Name of the Vulnerable Software and Affected Versions Ex Libris ALEPH 500 versions 18.1 through 20

Description The issue concerns multiple SQL injection vulnerabilities in the cgi-bin/review m.cgi component of Ex Libris ALEPH 500. These vulnerabilities allow remote attackers to execute arbitrary SQL commands via the find, lib, or sid parameters.

Recommendations For versions 18.1 through 20, consider restricting access to the vulnerable cgi-bin/review m.cgi component until a patch is available. As a temporary workaround, avoid using the find, lib, or sid parameters in the affected API endpoint until the issue is resolved.