On 11 January 2024, VulnCheck announced the development of a proof-of-concept (POC) exploit for a recently reported Apache OFBiz vulnerability (CVE-2023-51467). At the time of the initial report, there was no official CVSS score; the vulnerability has since been rated 9.8.
The VulnCheck report clarifies that the attack surface for this vulnerability is relatively small, with hundreds of instances being vulnerable globally. Nonetheless, exploitation may lead to a significant impact, as the POC demonstrates that a potential attacker may exploit the flaw to achieve arbitrary in-memory code execution.