If a JON agent is registered in a JON server's inventory with a given name, then any other agent can connect to the JON server and assume the identity of this registered agent simply by assuming its agent name. The JON agent key is not verified, allowing malicious JON agents to connect to the server.
This issue has been addressed in following products: JBoss Operations Network 2.4.2 Via RHSA-2012:0089 https://rhn.redhat.com/errata/RHSA-2012-0089.html
This issue has been addressed in following products: JBoss Operations Network 3.0.1 Via RHSA-2012:0406 https://rhn.redhat.com/errata/RHSA-2012-0406.html