CVE-2023-23076

nvd nist

Published: Feb 1, 2023Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.

Affected (27)

Products: Zohocorp: Manageengine Supportcenter Plus

Zohocorp

1 product

Manageengine Supportcenter Plus

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Supportcenter Plus	Version 11.0
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11001
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11002
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11003
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11004
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11005
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11006
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11007
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11008
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11009
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11010
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11011
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11012
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11013
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11014
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11015
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11016
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11017
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11018
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11019
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11020
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11021
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11022
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11024
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11025
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11026
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11027

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://bugbounty.zohocorp.com/bb/#/bug/101000006459751?tab=originator

Source: cve@mitre.org

Not Applicable

https://www.manageengine.com/products/support-center/CVE-2023-23076.html

Source: cve@mitre.org

https://bugbounty.zohocorp.com/bb/#/bug/101000006459751?tab=originator

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://www.manageengine.com/products/support-center/CVE-2023-23076.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.