An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between executions.
This vulnerability does not impact user credentials or access tokens but may lead to leakage of sensitive business information handled during message flows.
                
History
Mon, 06 Oct 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| CPEs | cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager:4.1.0:-:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager:4.3.0:-:*:*:*:*:*:* cpe:2.3:a:wso2:micro_integrator:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:micro_integrator:4.1.0:*:*:*:*:*:*:* | 
Thu, 25 Sep 2025 08:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Wso2 Wso2 api Manager Wso2 micro Integrator | |
| Vendors & Products | Wso2 Wso2 api Manager Wso2 micro Integrator | 
Tue, 23 Sep 2025 20:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | CWE-1259 | |
| Metrics | ssvc |
Tue, 23 Sep 2025 11:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between executions. This vulnerability does not impact user credentials or access tokens but may lead to leakage of sensitive business information handled during message flows. | |
| Title | Information Disclosure in Multiple WSO2 Products Due to Improper Handling in Enrich Mediator | |
| References |  | |
| Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: WSO2
Published: 2025-09-23T10:39:16.195Z
Updated: 2025-09-23T19:35:33.987Z
Reserved: 2024-05-07T06:40:12.013Z
Link: CVE-2024-4598
Vulnrichment
Updated: 2025-09-23T19:35:29.192Z
NVD
Status: Analyzed
Published: 2025-09-23T11:15:39.063
Modified: 2025-10-06T13:36:30.390
Link: CVE-2024-4598
Redhat
No data.