Security advisory

SupportCenter Plus Support Security advisory

OS command injection vulnerability in SupportCenter Plus

Severity: Low

CVE ID : CVE-2023-23076

Product Name Affected Version(s) Fixed Version(s) Fixed On
SupportCenter Plus 11027 and older 14000 Feb. 2, 2023


An OS command injection vulnerability allows a user with the admin role to inject and run OS commands in the target server.


The vulnerability can be exploited by threat actors to run arbitrary commands and initiate further attacks.

How have we fixed it?

We have changed the way OS commands are input and script executions are configured in the application by uploading them in specific folders and pulling them in using a TXT file.


Customers must upgrade to the latest version of ManageEngine SupportCenter Plus.

Steps to upgrade:

1. Download the latest upgrade pack from this link.

2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above link.


This vulnerability was reported by HMs on our bug bounty portal.

If you have any questions or concerns, please contact product support for further details at

World's Largest Organizations Rely On SupportCenter Plus