CVE-2025-67278
- EPSS 0.01%
- Veröffentlicht 09.01.2026 00:00:00
- Zuletzt bearbeitet 22.01.2026 21:29:32
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request
CVE-2025-67279
- EPSS 0.02%
- Veröffentlicht 09.01.2026 00:00:00
- Zuletzt bearbeitet 22.01.2026 21:32:59
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in MD5 format
CVE-2025-67280
- EPSS 0.01%
- Veröffentlicht 09.01.2026 00:00:00
- Zuletzt bearbeitet 22.01.2026 21:33:32
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user.
CVE-2025-67281
- EPSS 0.01%
- Veröffentlicht 09.01.2026 00:00:00
- Zuletzt bearbeitet 22.01.2026 21:35:21
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exists which allow a low privileged and administrative user to access the database and its content.
CVE-2025-67282
- EPSS 0.01%
- Veröffentlicht 09.01.2026 00:00:00
- Zuletzt bearbeitet 22.01.2026 21:32:26
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify...