CVE-2024-12310
BaseFortify
Publication date: 2025-07-23
Last updated on: 2025-07-25
Assigner: Switzerland Government Common Vulnerability Program
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imprivata | onesign | 24.2 |
| imprivata | enterprise_access_management | 7.11 |
| imprivata | enterprise_access_management | 24.3 |
| imprivata | enterprise_access_management | 24.1 |
| imprivata | enterprise_access_management | 5.3 |
| imprivata | enterprise_access_management | 7.12 |
| imprivata | enterprise_access_management | 23.2 |
| imprivata | enterprise_access_management | 23.3 |
| imprivata | enterprise_access_management | 24.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Imprivata Enterprise Access Management allows an attacker to bypass the login screen on a shared kiosk workstation. It enables unauthorized access to the underlying Windows system by exploiting insufficient handling of keyboard shortcuts related to the already logged-in autologon account.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to a Windows system on a shared kiosk workstation, potentially allowing attackers to access sensitive information or perform unauthorized actions without proper authentication.