Tripwire commercial versions equal to and below 2.4 and Tripwire open source versions equal to and below 2.3.1 are susceptible to a format string vulnerability an email report is generated. This vulnerability allows an attacker to execute arbitrary code with the rights of the user running the file check, which is typically root.
92e5eef21ab6cff8a801d98be62205f1d78683b06bdc07dc1cffa5141ea0a2a7