FAIL › dossier
FedRAMP provider ·
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2026-06-30 | CVE-2026-13772 | high | ⚡RCE | 40 | IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); |
| 2026-06-22 | CVE-2026-9072 | high | ⚡RCE | 40 | IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker i |
| 2026-07-08 | CVE-2026-9074 | critical | 35 | IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality. | |
| 2026-06-30 | CVE-2026-13773 | medium | ⚡RCE | 35 | IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink |
| 2026-07-08 | CVE-2026-3144 | high | 25 | IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update. | |
| 2026-06-30 | CVE-2026-13449 | high | 25 | IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |
| 2026-06-30 | CVE-2026-11541 | high | 25 | IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability. | |
| 2026-06-30 | CVE-2026-11714 | high | 25 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled. | |
| 2026-06-30 | CVE-2026-11546 | high | 25 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled. |
| Product | Status | Impact |
|---|---|---|
| IBM Cloud for Government | Authorized | High |
| IBM Federal HR Cloud | Authorized | Moderate |
| IBM Maximo and TRIRIGA on Cloud for U.S. Federal | Authorized | Moderate |
| MaaS360 Enterprise Mobility Management | Authorized | Moderate |
| SmartCloud for Government | Authorized | High |