Details
Description
The following vulnerability was found by Matei "Mal" Badanoiu. It is a Java deserialization vulnerability reached over an RMI connection.
The OfBiz Solr plugin is configured by default to automatically make an RMI request to localhost, port 1099.
By hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, to run arbitrary code as the user that started OfBiz and potentially elevate privileges.
We (the security team) want to note that this exploit can only be carried out on a shared server. That is why it is rated low severity.
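As an added illustration of the mitigation side (example code, not OfBiz or Solr plugin code): an RMI client that performs the same kind of lookup against localhost:1099 but first installs a JVM-wide deserialization filter (java.io.ObjectInputFilter, Java 9+), so that a rogue registry answering with an unexpected class graph gets an InvalidClassException instead of code execution. The binding name `SolrService` and the allow-listed packages are assumptions, since the advisory does not state them.

```java
import java.io.ObjectInputFilter;
import java.rmi.NotBoundException;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;

/**
 * Added example (not OfBiz code): an RMI client that refuses to
 * deserialize anything it does not expect from the registry on
 * localhost:1099. The filter is process-wide and applies to every
 * ObjectInputStream, including the ones RMI opens for the lookup.
 */
public class FilteredRmiLookup {

    // Assumed binding name; the real name used by the Solr plugin is
    // not stated in the advisory.
    static final String SERVICE_NAME = "SolrService";

    // Allow-list in ObjectInputFilter.Config pattern syntax: RMI stub
    // plumbing plus the java.base types a stub carries; everything else
    // is rejected by the trailing "!*". The limits cap the nesting and
    // size an attacker-controlled object graph may reach.
    static final String FILTER_PATTERN =
        "java.rmi.**;sun.rmi.**;java.lang.**;java.util.**;"
        + "maxdepth=20;maxrefs=1000;maxbytes=65536;!*";

    // May only be called once per JVM; a second call throws IllegalStateException.
    static void installFilter() {
        ObjectInputFilter.Config.setSerialFilter(
            ObjectInputFilter.Config.createFilter(FILTER_PATTERN));
    }

    static Remote lookupSolr() throws RemoteException, NotBoundException {
        installFilter();
        Registry registry = LocateRegistry.getRegistry("localhost", 1099);
        // lookup() deserializes whatever the registry returns; with the
        // filter in place an unexpected class fails the lookup instead of
        // being instantiated.
        return registry.lookup(SERVICE_NAME);
    }

    public static void main(String[] args) {
        try {
            Remote stub = lookupSolr();
            System.out.println("Lookup OK: " + stub.getClass().getName());
        } catch (Exception e) {
            System.out.println("Lookup refused or failed: " + e);
        }
    }
}
```

The same allow-list can be applied without code changes by starting the JVM with `-Djdk.serialFilter=<pattern>`, which is the practical route when the lookup lives inside a third-party plugin.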