PT-2024-10088 · Oracle · Eloqua

Albert Volkman +2 · Published 2024-11-20 · Updated 2025-01-10 · CVE-2024-13297

CVSS v2.0: 7.1 High

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Eloqua versions 7.X-* through 7.X-1.15

Description

The issue is related to the deserialization of untrusted data in Drupal Eloqua, allowing object injection. This can be exploited by a remote attacker to execute arbitrary code. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations

For versions 7.X-* through 7.X-1.15, update to a version after 7.X-1.15 to resolve the issue. As a temporary workaround, consider restricting access to the unserialize() function in the Eloqua module until a patch is available.

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

BDU:2025-00262
CVE-2024-13297

Affected Products

Eloqua