CVE-2025-67282

Medium CVSS: 5.4

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profile of other user.

Vendor

Tim-solutions

Product

Tim Flow

CWE

CWE-288

Yayın Tarihi

2026-01-09 16:16:07

Güncelleme

2026-01-22 21:32:26

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-288 Tim Flow MEDIUM Tim-solutions 2026

Referanslar

https://tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notes https://www.y-security.de/news-en/tim-bpm-suite-tim-flow-multiple-vulnerabilities/

Benzer Kayıtlar

Medium

CVE-2025-67278

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges vi…

Medium

CVE-2025-67279

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges vi…

Medium

CVE-2025-67280

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a…

Medium

CVE-2025-67281

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exists which allow a low privileged and…