TIM BPM Suite和TIM FLOW 安全漏洞

TIM BPM Suite and TIM FLOW are both business process management software from TIM Germany. A security vulnerability exists in TIM BPM Suite and TIM FLOW versions 9.1.2 and earlier, which stems from Hibernate query language injection and could lead to information disclosure...

CVE-2025-67280

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...

CVE-2025-67281

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exists which allow a low privileged and administrative user to access the database and its content...

PT-2026-1875

Name of the Vulnerable Software and Affected Versions TIM BPM Suite & TIM FLOW versions prior to 9.1.2 Description The application stores password hashes in MD5 format, which allows a remote attacker to escalate privileges. Recommendations Update to version 9.1.2 or later...

TIM BPM Suite和TIM FLOW 安全漏洞

TIM BPM Suite and TIM FLOW are both business process management software from TIM Germany. A security vulnerability exists in TIM BPM Suite and TIM FLOW versions prior to 9.1.2 that stems from password hashes being stored in MD5 format, which could lead to elevated privileges...

PT-2026-1877

Name of the Vulnerable Software and Affected Versions TIM BPM Suite/ TIM FLOW versions through 9.1.2 Description The software contains multiple SQL injection flaws that could allow both low-privileged and administrative users to access the database and its contents. Recommendations Versions prior...

CVE-2025-67279

TIM BPM Suite & TIM FLOW (TIM Solution GmbH) before v9.1.2 are affected by CVE-2025-67279. The issue: password hashes stored with MD5, enabling a remote attacker to escalate privileges. Affected versions are prior to 9.1.2; exploitation details are not provided beyond the vulnerability descriptio...

TIM BPM Suite和TIM FLOW 安全漏洞

TIM BPM Suite and TIM FLOW are both business process management software from TIM Germany. A security vulnerability exists in TIM BPM Suite and TIM FLOW versions 9.1.2 and earlier, which stems from an authorization bypass that could lead to elevated privileges and information disclosure...

CVE-2025-67282

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profi...

CVE-2025-67278

TIM BPM Suite and TIM FLOW versions prior to 9.1.2 are affected by a vulnerability that lets a remote attacker escalate privileges via a crafted HTTP request. The issue is documented across multiple sources (NVD, Red Hat, CNNVD) with a fix only noted as upgrading to 9.1.2 or later. The exact root...

CVE-2025-67280

TIM BPM Suite and TIM FLOW

CVE-2025-67281

TIM BPM Suite/TIM FLOW (through 9.1.2) contains multiple SQL injection flaws that could let a low-privileged or administrative user access the database and its contents. Affected component is the SQL execution areas in the application; root cause is SQL injection vulnerabilities disclosed across ...

PT-2026-1876

Name of the Vulnerable Software and Affected Versions TIM BPM Suite/ TIM FLOW versions through 9.1.2 Description The software contains multiple Hibernate Query Language injection flaws. A user with limited privileges can exploit these to obtain passwords of other users and access sensitive data...