Report: Buggy Java Components Leaving Enterprise Applications Insecure

Security vendor Veracode has released a new report stating that 97 percent of enterprise Java apps use at least one open source component with a known vulnerability. The most common is a vulnerable version of Apache Commons Collections, found in 25 percent of the applications studied.

“The Java deserialization vulnerability in Apache Commons Collections is an interesting example of an open-source, third-party component vulnerability, because it went from unknown to critical and highly exploitable, and because it was widely used in a variety of standard ‘infrastructure’ applications: web servers, application servers, CI servers,” said the report. “It’s worth noting that the issue was not just in the infrastructure applications, but in any application that uses Apache Commons Collections v.3.0 – 3.2.1 or 4.0. Addressing this vulnerability requires a broader response than just patching servers; it requires visibility into the component supply chain for all your applications.”
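The report's point is that the fix is an inventory problem: you have to know which of your applications ship one of the affected Commons Collections versions (3.0 through 3.2.1, or 4.0). The following script is an added example, not part of the report or of any Veracode tooling; it parses Maven-style dependency coordinates of the kind printed by `mvn dependency:list` and flags artifacts whose version falls inside the ranges the report names. The sample dependency lines are constructed for the example, and the Maven coordinate format and `[INFO]` prefix are assumptions about the input rather than anything the report specifies.

```python
"""Flag Apache Commons Collections versions in the ranges the report names.

Added example, not the report's own tooling. Input is assumed to be Maven-style
coordinates (groupId:artifactId:type:version[:scope]), optionally prefixed with
the "[INFO]" tag that `mvn dependency:list` prints. The sample lines at the bottom
are constructed, not output from a real project.
"""
import re

# Version ranges named in the report: 3.0 - 3.2.1 for the 3.x artifact,
# and exactly 4.0 for the 4.x artifact. Keyed by (groupId, artifactId).
AFFECTED = {
    ("commons-collections", "commons-collections"): [((3, 0), (3, 2, 1))],
    ("org.apache.commons", "commons-collections4"): [((4, 0), (4, 0))],
}

# groupId:artifactId:type:version[:scope], with an optional "[INFO]" prefix
COORD_RE = re.compile(
    r"^\s*(?:\[INFO\]\s+)?([\w.\-]+):([\w.\-]+):(\w+):([\w.\-]+)(?::(\w+))?\s*$"
)


def parse_version(version):
    """Turn '3.2.1' into (3, 2, 1); a non-numeric suffix such as '-SNAPSHOT' is dropped."""
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def in_range(ver, low, high):
    """Inclusive tuple comparison; shorter tuples are zero-padded so 3.2 == 3.2.0."""
    width = max(len(ver), len(low), len(high))

    def pad(t):
        return t + (0,) * (width - len(t))

    return pad(low) <= pad(ver) <= pad(high)


def find_vulnerable(lines):
    """Return [(groupId, artifactId, version)] for every dependency in an affected range."""
    hits = []
    for line in lines:
        match = COORD_RE.match(line)
        if not match:
            continue  # not a coordinate line (blank, header, tree art, ...)
        group, artifact, _type, version, _scope = match.groups()
        ranges = AFFECTED.get((group, artifact))
        if not ranges:
            continue  # some other component; not in scope for this check
        parsed = parse_version(version)
        if any(in_range(parsed, low, high) for low, high in ranges):
            hits.append((group, artifact, version))
    return hits


# Constructed sample of dependency:list-style output (not real project output)
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    commons-collections:commons-collections:jar:3.2.1:compile
[INFO]    org.apache.commons:commons-collections4:jar:4.0:compile
[INFO]    org.apache.commons:commons-collections4:jar:4.1:compile
[INFO]    commons-collections:commons-collections:jar:3.2.2:compile
[INFO]    commons-io:commons-io:jar:2.4:compile
""".splitlines()

if __name__ == "__main__":
    for group, artifact, version in find_vulnerable(SAMPLE):
        print(f"affected: {group}:{artifact}:{version}")
```

Run it over the saved output of `mvn dependency:list` for each build, or wire the same check into CI so a build that pulls in an affected version fails before it ships. Note that a dependency can arrive transitively, which is exactly why the report talks about the component supply chain rather than direct dependencies alone; the parser above does not care whether a coordinate is direct or transitive, only whether its version is in range.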
