Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a java deserialization vulnerability.