Apache OpenMeetings version 3.1.0 is vulnerable to remote code execution via an RMI deserialization attack.