Just got the results from our PEN test last week. We failed in part by a vulnerability found in Virtualization Manager 6.3. The description is [OpenNMS Java Object Deserialization Remote Code Execution Vulnerability].
Has anyone else run into this?
This vulnerability was resolved with the release of VMAN 6.3.2 (aka Service Release 2) which should be available in your customer portal. Ideally you would want to upgrade your VMAN appliance, any federated pollers and then your Orion integrated instance as well.