CVE-2024-12310

Vulnerability Description

A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of keyboard shortcuts. This issue affects Imprivata Enterprise Access Management versions 5.3 through 24.2.

Related Weaknesses (CWE)

CWE-287

References

https://www.redguard.ch/blog/2025/07/23/cve-2024-12310-imprivata-bypass-of-login

FAQ

What is CVE-2024-12310?

CVE-2024-12310 is a documented vulnerability. A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlyin...

How severe is CVE-2024-12310?

CVSS scoring is not yet available for CVE-2024-12310. Check NVD for updates.

Is there a patch for CVE-2024-12310?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.