Apache OFBiz is a Java-based web framework for automating enterprise processes. The flaw affects all versions of the software prior to 17.12.06 and employs an “unsafe deserialization” as an attack vector to permit unauthorized remote attackers to execute arbitrary code on a server directly. The vulnerability has been tracked as CVE-2021-26295. It’s recommended to upgrade Apache ofBiz to the latest version of the open-source software to mitigate the risk.
Source: https://thehackernews.com/2021/03/critical-rce-vulnerability-found-in.html