CVE Catalog

CVE-2026-12163

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authenticated user with sufficient privileges can store malicious script in node or database configuration fields, which will be executed in another administrator's browser.

Risk Assessment

An attacker could steal administrator sessions, modify file integrity monitoring configuration, or access sensitive data, compromising the security of the entire IT infrastructure.

Recommendation

Upgrade Fortra FIM to version 9.4.0.1 or later immediately. Until then, restrict permissions to create or modify node and database configurations to trusted users only.

Original NVD description (English source)

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields could store script content that may be rendered as HTML instead of safely escaped text when the affected Asset View UI content is displayed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS