The bug is an arbitrary code execution flaw, allowing threat actors to run any code on either Windows, or Linux servers.
https://www.techradar.com/pro/security/critical-remote-code-execution-flaw-in-apache-ofbiz-patched
https://www.techradar.com/pro/security/critical-remote-code-execution-flaw-in-apache-ofbiz-patched