Description

An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between executions. This vulnerability does not impact user credentials or access tokens but may lead to leakage of sensitive business information handled during message flows.

Status: PUBLISHED | Reserved: 2024-05-07 | Published: 2025-09-23 | Updated: 2025-09-23 | Assigner: WSO2

Severity: MEDIUM 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Product status

Default status: unaffected
Any version before 3.2.0: unknown
3.2.0 (custom) before 3.2.0.422: affected
3.2.1 (custom) before 3.2.1.42: affected
4.1.0 (custom) before 4.1.0.152: affected
4.3.0 (custom) before 4.3.0.55: affected

Default status: unaffected
Any version before 1.2.0: unknown
1.2.0 (custom) before 1.2.0.157: affected
4.1.0 (custom) before 4.1.0.95: affected

References

security.docs.wso2.com/...ty-advisories/2025/WSO2-2024-3355/ vendor-advisory

cve.org (CVE-2024-4598)

nvd.nist.gov (CVE-2024-4598)