Lucene search
K
Tim-solutionsTim Flow

5 matches found

CVE
CVE
added 2026/01/09 12:0 a.m.13 views

CVE-2025-67278

TIM BPM Suite and TIM FLOW versions prior to 9.1.2 are affected by a vulnerability that lets a remote attacker escalate privileges via a crafted HTTP request. The issue is documented across multiple sources (NVD, Red Hat, CNNVD) with a fix only noted as upgrading to 9.1.2 or later. The exact root...

6.5CVSS6.9AI score0.00276EPSS
CVE
CVE
added 2026/01/09 12:0 a.m.12 views

CVE-2025-67281

TIM BPM Suite/TIM FLOW (through 9.1.2) contains multiple SQL injection flaws that could let a low-privileged or administrative user access the database and its contents. Affected component is the SQL execution areas in the application; root cause is SQL injection vulnerabilities disclosed across ...

5.4CVSS7.5AI score0.00192EPSS
CVE
CVE
added 2026/01/09 12:0 a.m.12 views

CVE-2025-67282

TIM BPM Suite/TIM FLOW (through version 9.1.2) contains multiple Authorization Bypass vulnerabilities that permit a low-privilege user to: download other users’ password hashes, access other users’ work items, modify restricted workflow content, alter the application logo, and manipulate other us...

5.4CVSS6.6AI score0.00195EPSS
CVE
CVE
added 2026/01/09 12:0 a.m.11 views

CVE-2025-67279

TIM BPM Suite & TIM FLOW (TIM Solution GmbH) before v9.1.2 are affected by CVE-2025-67279. The issue: password hashes stored with MD5, enabling a remote attacker to escalate privileges. Affected versions are prior to 9.1.2; exploitation details are not provided beyond the vulnerability descriptio...

5.3CVSS7.1AI score0.00311EPSS
CVE
CVE
added 2026/01/09 12:0 a.m.11 views

CVE-2025-67280

TIM BPM Suite and TIM FLOW

5.4CVSS6.8AI score0.00195EPSS