Is CVE-2024-4598 actively exploited?

CVE-2024-4598 has no public evidence of in-the-wild exploitation as of 2026-01-09.

What is the CVSS score for CVE-2024-4598?

CVE-2024-4598 has a CVSS score of 6.5 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

How do I patch CVE-2024-4598?

Patch guidance is available from wso2 security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-4598.

CVE-2024-4598 - remediation guidance & executive summary

Q: Which products are affected by CVE-2024-4598?

6 products: wso2 api manager, wso2 api manager, wso2 api manager, wso2 api manager, wso2 micro integrator, and 1 more.

Description

An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between executions. This vulnerability does not impact user credentials or access tokens but may lead to leakage of sensitive business information handled during message flows.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Weaknesses: CWE-1259

Metadata

Primary Vendor: WSO2
Published: 9/23/2025
Last Modified: 1/9/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

wso2 : api_managerwso2 : api_managerwso2 : api_managerwso2 : api_managerwso2 : micro_integratorwso2 : micro_integrator

Remediation Guidance

Executive Summary

View on NIST NVD