exploitDog

CVE-2025-67282

Опубликовано: 09 янв. 2026

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profile of other user.

Ссылки

https://tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notes
Release Notes
https://www.y-security.de/news-en/tim-bpm-suite-tim-flow-multiple-vulnerabilities/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tim-solutions:tim_flow:*:*:*:*:*:*:*:*

Версия до 9.1.2 (исключая)

EPSS

Процентиль: 7%

0.00028

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-288

Связанные уязвимости

GHSA-vhrf-h3r9-63x8

CVSS3: 5.4

github

29 дней назад

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profile of other user.

EPSS

Процентиль: 7%

0.00028

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-288