TIM Solution TIM BPM Suite and TIM FLOW Privilege Escalation Vulnerability

Vulnerability

A vulnerability allowing remote privilege escalation has been identified in TIM Solution GmbH's TIM BPM Suite and TIM FLOW in versions prior to 9.1.2. The issue arises because the application stores password hashes using the MD5 hashing algorithm, which is considered weak. An attacker can exploit this vulnerability to access and manipulate user data and workflows.

Impact

Exploitation of this vulnerability allows remote attackers to escalate privileges and access password hashes stored in MD5 format, enabling further exploitation of the application.

Remediation

The vendor has released a patch for this vulnerability in version 9.1.2. However, this fix has not yet been independently verified.

Added: Jan 9, 2026, 4:24 PM
Updated: Jan 9, 2026, 5:36 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 7.4
remediation: 0.0
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.