Oracle · Eloqua · CVE-2024-13297
**Name of the Vulnerable Software and Affected Versions**
Eloqua versions 7.X-* through 7.X-1.15
**Description**
The issue is deserialization of untrusted data in the Drupal Eloqua module, which allows object injection. A remote attacker can exploit it to execute arbitrary code. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents in which this issue was exploited.
**Recommendations**
For versions 7.X-* through 7.X-1.15, update to a version after 7.X-1.15 to resolve the issue.
As a temporary workaround, consider restricting access to the `unserialize()` function in the Eloqua module until a patch is available.
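The workaround above comes down to making sure `unserialize()` never instantiates classes from input the site does not control. The following is an added example, not code from the Eloqua module: `safe_unserialize_data()` and `contains_object()` are hypothetical names, and it assumes PHP 7.0 or later and that the stored data only needs scalars and arrays.

```php
<?php
// Added example with hypothetical helper names; not code from the Eloqua module.

/**
 * Decode a serialized value that should contain only scalars and arrays.
 * Returns $fallback for malformed input or for any payload carrying an object.
 */
function safe_unserialize_data(string $raw, $fallback = null)
{
    // allowed_classes => false (PHP 7.0+) stops unserialize() from
    // instantiating any class: objects become __PHP_Incomplete_Class, so no
    // __wakeup() or __destruct() of an application class is triggered.
    $value = @unserialize($raw, ['allowed_classes' => false]);

    // unserialize() returns false on failure, but false is also the decoded
    // form of 'b:0;', so the two cases are told apart explicitly.
    if ($value === false && $raw !== 'b:0;') {
        return $fallback;
    }
    return contains_object($value) ? $fallback : $value;
}

/** Recursively report whether a decoded value holds any object. */
function contains_object($value): bool
{
    // Before PHP 7.2, is_object() is false for __PHP_Incomplete_Class,
    // so the class is checked by name as well.
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_object($item)) {
                return true;
            }
        }
    }
    return false;
}

// Constructed sample inputs: a plain settings array, a harmless serialized
// object, and a string that is not serialized data at all.
$plain  = serialize(['list_id' => 42, 'fields' => ['email', 'name']]);
$object = 'O:8:"stdClass":1:{s:1:"x";i:1;}';

var_dump(safe_unserialize_data($plain));
var_dump(safe_unserialize_data($object, []));
var_dump(safe_unserialize_data('not serialized', []));
```

Where the data format is under the site's control, storing it as JSON and reading it with `json_decode()` removes the object-instantiation path entirely.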