Yexing

**Name of the Vulnerable Software and Affected Versions** symphony versions 3.6.3 and earlier **Description** An issue in the software allows a remote attacker to execute arbitrary code via the log4j component. **Recommendations** For versions 3.6.3 and earlier, consider disabling the log4j component until a patch is available. Restrict access to the log4j component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WuKongOpenSource WukongCRM version 72crm 9.0.1 20191202 **Description** An issue in WuKongOpenSource WukongCRM allows a remote attacker to execute arbitrary code via the `parseObject()` function in the fastjson component. **Recommendations** For version 72crm 9.0.1 20191202, consider disabling the `parseObject()` function in the fastjson component as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.