{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12164", "assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "state": "PUBLISHED", "assignerShortName": "Fortra", "dateReserved": "2026-06-12T19:31:35.041Z", "datePublished": "2026-06-23T22:15:37.683Z", "dateUpdated": "2026-06-24T13:15:39.352Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "shortName": "Fortra", "dateUpdated": "2026-06-23T22:25:18.710Z"}, "title": "Privilege Escalation in Fortra File Integrity Monitoring (FIM)", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-266", "description": "CWE-266 Incorrect privilege assignment", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "Fortra", "product": "File Integrity Monitoring (FIM)", "versions": [{"status": "affected", "version": "0", "lessThan": "9.4.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the\u00a0tetool import\u00a0command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships."}]}], "references": [{"url": "https://www.fortra.com/security/advisories/product-security/fi-2026-010"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 9.4.0 or later.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Upgrade to version 9.4.0 or later."}]}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-24T13:15:29.228755Z", "id": "CVE-2026-12164", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-24T13:15:39.352Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-12164", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-24T13:15:29.228755Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-24T13:15:35.624Z"}}], "cna": {"title": "Privilege Escalation in Fortra File Integrity Monitoring (FIM)", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Fortra", "product": "File Integrity Monitoring (FIM)", "versions": [{"status": "affected", "version": "0", "lessThan": "9.4.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 9.4.0 or later.", "supportingMedia": [{"type": "text/html", "value": "Upgrade to version 9.4.0 or later.", "base64": false}]}], "references": [{"url": "https://www.fortra.com/security/advisories/product-security/fi-2026-010"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the\u00a0tetool import\u00a0command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.", "supportingMedia": [{"type": "text/html", "value": "Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266 Incorrect privilege assignment"}]}], "providerMetadata": {"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "shortName": "Fortra", "dateUpdated": "2026-06-23T22:25:18.710Z"}}}, "cveMetadata": {"cveId": "CVE-2026-12164", "state": "PUBLISHED", "dateUpdated": "2026-06-24T13:15:39.352Z", "dateReserved": "2026-06-12T19:31:35.041Z", "assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "datePublished": "2026-06-23T22:15:37.683Z", "assignerShortName": "Fortra"}, "dataVersion": "5.2"}

{}

{}

{"created": "2026-06-24T03:30:05.212197+00:00", "updated": "2026-06-24T09:30:06.318739+00:00", "vendors": []}