PT-2025-30572 · Microsoft+1 · Windows+2
Published: 2025-07-23 · Updated: 2025-07-23 · CVE-2024-12310
CVSS v4.0: 7.0 (High)
Vector: AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Imprivata Enterprise Access Management versions 5.3 through 24.2
Description
A flaw in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen on shared kiosk workstations, potentially granting unauthorized access to the underlying Windows system via the autologon account. This occurs due to insufficient handling of keyboard shortcuts.
Recommendations
Update Imprivata Enterprise Access Management to a version later than 24.2.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Imprivata Enterprise Access Management
Imprivata OneSign
Windows