Ex Libris Patron Directory Services 2.1 Open Redirect

`*CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect  
Security Vulnerability*  
  
  
  
Exploit Title: Ex Libris Patron Directory Services (PDS) Logon Page url  
Parameter Open Redirect  
Product: Ex Libris Patron Directory Services (PDS)  
Vendor: Ex Libris  
Vulnerable Versions: 2.1 and probability prior  
Tested Version: 2.1  
Advisory Publication: DEC 29, 2014  
Latest Update: DEC 29, 2014  
Vulnerability Type: Open Redirect [CWE-601]  
CVE Reference: CVE-2014-7294  
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)  
Impact Subscore: 4.9  
Exploitability Subscore: 8.6  
Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]  
  
  
  
  
  
*Advisory Details:*  
  
*(1) Vendor URL:*  
http://www.exlibrisgroup.org/display/CrossProductCC/PDS+OpenSSO+Integration  
  
  
  
*Product Description:*  
“Ex Libris is a leading worldwide developer and provider of  
high-performance applications for libraries, information centres, and  
researchers.”  
  
“Patron Directory Services (PDS) module was provides a seamless single  
sign-on (SSO) environment for all Ex Libris products. such as, Aleph,  
Metalib, Primo, DigiTool, Rosetta …”  
  
It is one of the largest library management system which used by large  
numbers of universities and institutions.  
  
  
  
  
  
*(2) Vulnerability Details:*  
  
Ex Libris Patron Directory Services (PDS) can be exploited by Open Redirect  
Attacks.  
  
  
*(2.1) *The vulnerability occurs at “PDS” service’s logon page, with “&url”  
parameter.  
  
  
  
  
  
  
*References:*  
http://tetraph.com/security/cves/cve-2014-7294-ex-libris-patron-directory-services-pds-open-redirect-security-vulnerability/  
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7294  
  
  
  
  
  
  
  
--  
Wang Jing  
School of Physical and Mathematical Sciences (SPMS)  
Nanyang Technological University (NTU), Singapore  
  
  
`