Privilege Escalation in Fortra File Integrity Monitoring (FIM)_CVE-2026-12164

4.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Description

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.

Basic Information

ID CVE-2026-12164

Source Fortra

Published Jun 23, 2026 at 22:15

Affected Product

Vendor Fortra

Product File Integrity Monitoring (FIM)

Affected Versions Fortra File Integrity Monitoring (FIM) 0

CWE Classification

CWE-266

References

www.fortra.com /security/advisories/product-security/fi-2026-010

{
    "lastseen": "",
    "description": "Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the\u00a0tetool import\u00a0command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.",
    "published": "2026-06-23T22:15:37.683Z",
    "modified": "2026-06-23T22:15:37.683Z",
    "type": "cve",
    "title": "Privilege Escalation in Fortra File Integrity Monitoring (FIM)",
    "source": "Fortra",
    "references": "https://www.fortra.com/security/advisories/product-security/fi-2026-010",
    "id": "CVE-2026-12164",
    "bulletinFamily": "",
    "cwe": [
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "Fortra File Integrity Monitoring (FIM) 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "File Integrity Monitoring (FIM)",
    "version": "0",
    "vendor": "Fortra",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}