VYPR

Vendor: Valtimo Platform
Products: 3
CVEs: 6 (across products: 6)
Status: Private

Recent CVEs (6)
  • CVE-2024-34706 | Critical | May 14, 2024
    risk 0.57 | cvss 9.8 | epss 0.01

    Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token (JWT) of the user is exposed to `api.form.io` via the `x-jwt-token` header. An attacker can retrieve personal information from this token, or use it to…

  • CVE-2026-42555 | Critical | May 14, 2026
    risk 0.52 | cvss 9.1 | epss 0.01

    Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language…

  • CVE-2025-58059 | Critical | Aug 28, 2025
    risk 0.52 | cvss 9.1 | epss 0.00

    Valtimo is a platform for Business Process Automation. In versions before 12.16.0.RELEASE, and from 13.0.0.RELEASE to before 13.1.2.RELEASE, any admin that can create or modify and execute process-definitions could gain access to sensitive data or resources. This includes but is…

  • CVE-2025-48881 | High | May 30, 2025
    risk 0.47 | cvss 8.3 | epss 0.00

    Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by…

  • CVE-2026-44516 | High | May 14, 2026
    risk 0.42 | cvss 7.6 | epss 0.00

    Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and…

  • CVE-2026-34164 | Medium | Apr 16, 2026
    risk 0.25 | cvss 4.9 | epss 0.00

    Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data…