The flaw, CVE-2023-32315, allows attackers to bypass authentication and create new admin accounts, enabling them to install malicious Java plugins and execute arbitrary code on compromised servers.