A critical vulnerability recently detected in the Spring Framework for Java has affected 16% of organisations across the globe. Spring Framework is a programming and configuration model providing infrastructure support for Java developers. In the first weekend since the vulnerability, the Spring4Shell zero-day, was found, Check Point researchers spotted around 37,000 attempts to exploit it.
“In our previous report we’ve detailed that organisations using Java Spring should immediately review their software and update to the latest versions by following the official Spring project guidance,” Check Point said in its blog post.
“In addition, we’ve reported that Check Point CloudGuard AppSec provides pre-emptive protection against exploits of the above CVEs, which means no software update is required and that these users are protected,” the post further read.
Software vendors are the most impacted industry, with 28% of organisations affected, while Europe is the most impacted region, with an impact of 20%.
If your organisation is using Java Spring and not using CloudGuard AppSec, immediately review your software and update to the latest versions by following the official Spring project guidance, the researchers suggested in the post.
“If you are already using CloudGuard AppSec, you are protected! No software update is required. To ensure that you are protected by CloudGuard AppSec, the only thing you need to do is to make sure that the Web Application or Web API Best Practice of your Asset is set to the Default Prevent Mode. No updates or other settings are needed,” they further added.