Imprivata EAM: Login Bypass on Shared Kiosk Workstations (CVE-2024-12310)

Key Information Vulnerability Overview Vulnerability Name: Imprivata EAM: Bypass of Login Screen on Shared Kiosk Workstations CVE ID: CVE-2024-12310 CVSS Score: 7 (High) Technical Details Description: On shared kiosk workstations, Imprivata EAM allows bypassing the login screen and direct access to the underlying Windows system. Cause: Inadequate handling of keyboard shortcuts leads to unauthorized access. Affected Versions Affected Versions: Imprivata OneSign 24.2 and higher, Imprivata Enterprise Access Management 5.3 and above. Fixed Versions Fixed Versions: - Imprivata EAM 23.3 (Wolf) HF6 - Imprivata EAM 7.11 (Titan) HF1.1 - Imprivata EAM 24.3 (Zeus) HF1 - Imprivata EAM 23.2 (Vega) HF8 - Imprivata EAM 24.1 (Xena) HF4 - Imprivata EAM 24.2 (Yoda) HF3 - Imprivata EAM 7.12 (Umbra) HF9 Recommended Mitigations and Countermeasures Upgrade Recommendation: Upgrade to a fixed version. Configuration Changes: - Set to - Set to Timeline Discovery Date: November 13, 2021 Reported to Vendor: November 13, 2021 Public Disclosure: July 23, 2025

Goal Reached Thanks to every supporter — we hit 100%!

Imprivata EAM: Login Bypass on Shared Kiosk Workstations (CVE-2024-12310)