Not a surprise. I got in a LOT of trouble for identifying and outlining a trivial privilege escalation attack that worked on both NIPR and SIPR.
In the end I got to help write up the issue but to my knowledge they never patched it as it would have caused major issues with maintenance by closing off access needed for some legacy software patches.
It is very interesting the different reactions between your experience (and many whistleblowers), and how people react to software doing the same thing. Although in this case, maybe it isn't so different? They did essentially have the tool buried, out of sight out of mind for a little while at least.
What did you get into trouble for?