5 matches found
CVE-2025-67278
TIM BPM Suite and TIM FLOW versions prior to 9.1.2 are affected by a vulnerability that lets a remote attacker escalate privileges via a crafted HTTP request. The issue is documented across multiple sources (NVD, Red Hat, CNNVD) with a fix only noted as upgrading to 9.1.2 or later. The exact root...
CVE-2025-67281
TIM BPM Suite/TIM FLOW (through 9.1.2) contains multiple SQL injection flaws that could let a low-privileged or administrative user access the database and its contents. Affected component is the SQL execution areas in the application; root cause is SQL injection vulnerabilities disclosed across ...
CVE-2025-67282
TIM BPM Suite/TIM FLOW (through version 9.1.2) contains multiple Authorization Bypass vulnerabilities that permit a low-privilege user to: download other users’ password hashes, access other users’ work items, modify restricted workflow content, alter the application logo, and manipulate other us...
CVE-2025-67279
TIM BPM Suite & TIM FLOW (TIM Solution GmbH) before v9.1.2 are affected by CVE-2025-67279. The issue: password hashes stored with MD5, enabling a remote attacker to escalate privileges. Affected versions are prior to 9.1.2; exploitation details are not provided beyond the vulnerability descriptio...
CVE-2025-67280
TIM BPM Suite and TIM FLOW