Security Advisory WSO2-2024-3355/CVE-2024-4598
Published: 2025-07-15
Version: 1.0.0
Severity: Medium
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVE IDs: CVE-2024-4598
AFFECTED PRODUCTS
- WSO2 API Manager: 3.2.0, 3.2.1, 4.1.0, 4.3.0
- WSO2 Micro Integrator: 1.2.0, 4.1.0
OVERVIEW
Information disclosure.
DESCRIPTION
Due to an improper implementation of the Enrich mediator, authenticated users of the system may see data across mediators.
IMPACT¶
This vulnerability can expose certain business information across mediators. However, it does not impact user credentials or any access tokens.
SOLUTION
Community Users (Open Source)
We highly recommend migrating to the latest version of the respective WSO2 products to mitigate the identified vulnerability.
Support Subscription Holders
Update your product to the specified update level or a higher update level to apply the fix.
Info: WSO2 Support Subscription Holders may use WSO2 Updates in order to apply the fix.
| Product Name | Product Version | U2 Update Level |
|---|---|---|
| WSO2 API Manager | 3.2.0 | 422 |
| WSO2 API Manager | 3.2.1 | 42 |
| WSO2 API Manager | 4.1.0 | 152 |
| WSO2 API Manager | 4.3.0 | 55 |
| WSO2 Micro Integrator | 1.2.0 | 157 |
| WSO2 Micro Integrator | 4.1.0 | 95 |