CVE-2024-4598

Information Disclosure in Multiple WSO2 Products Due to Improper Handling in Enrich Mediator

Description

An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between executions. This vulnerability does not impact user credentials or access tokens but may lead to leakage of sensitive business information handled during message flows.

INFO

Published Date :

2025-09-23T10:39:16.195Z

Last Modified :

2025-09-23T19:35:33.987Z

Source :

WSO2

AFFECTED PRODUCTS

The following products are affected by CVE-2024-4598 vulnerability.

Vendors	Products
Wso2	Api Manager Micro Integrator

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-4598.

URL	Resource
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3355/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact