Vulnerability Description
An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between executions. This vulnerability does not impact user credentials or access tokens but may lead to leakage of sensitive business information handled during message flows.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| WSO2 | API Manager | >= 3.2.0, < 3.2.0.422 |
| WSO2 | Micro Integrator | >= 1.2.0, < 1.2.0.157 |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2024-4598?
CVE-2024-4598 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from ot...
How severe is CVE-2024-4598?
CVE-2024-4598 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-4598?
Check the references section above for vendor advisories and patch information. Affected products include: WSO2 API Manager, WSO2 Micro Integrator.