COOEY // HUBcompliance · community · intelligence

FAIL › dossier

IBM company FedRAMP market

FedRAMP provider ·

9
failure events
0
zero-days
3
RCEs
0
on KEV
1
critical
40
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 9 events

DateEventSevFlagsShameSummary
2026-06-30 CVE-2026-13772 high ⚡RCE 40 IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators);
2026-06-22 CVE-2026-9072 high ⚡RCE 40 IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker i
2026-07-08 CVE-2026-9074 critical 35 IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality.
2026-06-30 CVE-2026-13773 medium ⚡RCE 35 IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink
2026-07-08 CVE-2026-3144 high 25 IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update.
2026-06-30 CVE-2026-13449 high 25 IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
2026-06-30 CVE-2026-11541 high 25 IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.
2026-06-30 CVE-2026-11714 high 25 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled.
2026-06-30 CVE-2026-11546 high 25 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled.

FedRAMP catalog products 5

ProductStatusImpact
IBM Cloud for Government Authorized High
IBM Federal HR Cloud Authorized Moderate
IBM Maximo and TRIRIGA on Cloud for U.S. Federal Authorized Moderate
MaaS360 Enterprise Mobility Management Authorized Moderate
SmartCloud for Government Authorized High