FAIL › dossier
FedRAMP provider ·
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2026-03-03 | CVE-2026-22719 | high | ⚡RCE ⌖KEV | 65 | Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potentially leading to remote code execution during support‑assisted product migration. |
| 2026-01-23 | CVE-2024-37079 | high | ⚡RCE ⌖KEV | 65 | Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious actor with network access to vCenter Server to send specially crafted network packets, potentially leading to remote code execut |
| 2025-04-28 | CVE-2025-1976 | high | ⚡RCE ⌖KEV | 65 | Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges. |
| 2025-10-30 | CVE-2025-41244 | high | ⌖KEV | 50 | Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploi |
| 2026-07-10 | CVE-2026-57216 | medium | 20 | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol pat | |
| 2026-07-10 | CVE-2026-57211 | medium | 20 | RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbit_mgmt_wm_static can pass URL-encoded backslashes to erl_prim_loader:read_file_info before path validation when multiple management extensio |
| Product | Status | Impact |
|---|---|---|
| Clarity | Authorized | Moderate |
| General Support Systems (GSS) | Authorized | Moderate |
| Rally | Authorized | Moderate |
| Symantec Gov Cloud Security (GCS) | In Process | Moderate |