CVE-2024-12310 HIGH

CVE-2024-12310: Bypass of Login Screen on Shared Kiosk Workstations

Vendor Imprivata
Product Enterprise Access Management
Weakness CWE-287 · Improper authentication
Published July 23, 2025
Last update July 23, 2025

CVSS base score

7.0/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of keyboard shortcuts. This issue affects Imprivata Enterprise Access Management versions 5.3 through 24.2.

Key dates

02Disclosure timeline

July 23, 2025 CVE published
July 23, 2025 Record updated