"XML external entity (XXE) injection vulnerability gives attackers a way to exfiltrate data from the #OpenNMS file server system, send arbitrary HTTP requests to internal and external services, and trigger denial-of-service"

https://www.darkreading.com/application-security/patch-now-opennms-bug-steals-data-triggers-denial-of-service