CVE-2024-12310

HIGH

Imprivata Enterprise Access Mgmt <24.2 - Auth Bypass

Title source: llm

Description

A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of keyboard shortcuts. This issue affects Imprivata Enterprise Access Management versions 5.3 through 24.2.

References (1)

Core 1

Core References

Various Sources

https://www.redguard.ch/blog/2025/07/23/cve-2024-12310-imprivata-bypass-of-login-screen/

Scores

CVSS v4 7.0

EPSS 0.0017

EPSS Percentile 6.2%

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-287

Status published

Products (1)

Imprivata/Enterprise Access Management 5.3 - 24.2

Published Jul 23, 2025

Tracked Since Feb 18, 2026