diff --git a/Kernel/Modules/AdminSupportDataCollector.pm b/Kernel/Modules/AdminSupportDataCollector.pm
index 6a1c9935e28..2027d5de49c 100644
--- a/Kernel/Modules/AdminSupportDataCollector.pm
+++ b/Kernel/Modules/AdminSupportDataCollector.pm
@@ -275,6 +275,8 @@ sub _SupportDataCollectorView {
 sub _GenerateSupportBundle {
     my ( $Self, %Param ) = @_;
 
+    $Kernel::OM->Get('Kernel::Output::HTML::Layout')->ChallengeTokenCheck();
+
     my $MainObject = $Kernel::OM->Get('Kernel::System::Main');
     my $RandomID = $MainObject->GenerateRandomString(
         Length => 8,
@@ -345,12 +347,23 @@ sub _DownloadSupportBundle {
     my $ParamObject = $Kernel::OM->Get('Kernel::System::Web::Request');
     my $LayoutObject = $Kernel::OM->Get('Kernel::Output::HTML::Layout');
 
+
+    $LayoutObject->ChallengeTokenCheck();
+
     my $Filename = $ParamObject->GetParam( Param => 'Filename' ) || '';
     my $RandomID = $ParamObject->GetParam( Param => 'RandomID' ) || '';
 
-    if ( !$Filename ) {
+    # Validate simple file name.
+    if ( !$Filename || $Filename !~ m{^[a-z0-9._-]+$}smxi ) {
+        return $LayoutObject->ErrorScreen(
+            Message => "Need Filename or Filename invalid!",
+        );
+    }
+
+    # Validate simple RandomID.
+    if ( !$RandomID || $RandomID !~ m{^[a-f0-9]+$}smx ) {
         return $LayoutObject->ErrorScreen(
-            Message => "Need Filename!",
+            Message => "Need RandomID or RandomID invalid!",
         );
     }
 
diff --git a/Kernel/Output/HTML/Templates/Standard/AdminSupportDataCollector.tt b/Kernel/Output/HTML/Templates/Standard/AdminSupportDataCollector.tt
index 88409b82f4f..848e58e9170 100644
--- a/Kernel/Output/HTML/Templates/Standard/AdminSupportDataCollector.tt
+++ b/Kernel/Output/HTML/Templates/Standard/AdminSupportDataCollector.tt
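Review bot: The new Filename and RandomID checks in _DownloadSupportBundle anchor with `^`/`$` under `/m`, so they only require that some line of the value matches, and a value carrying an embedded or trailing newline passes both filters; anchor with `\A`/`\z` instead: `if ( !$Filename || $Filename !~ m{\A[a-z0-9._-]+\z}smxi ) {` and `if ( !$RandomID || $RandomID !~ m{\A[a-f0-9]+\z}smx ) {`. The character class still admits `..` and names beginning with `.`, so the check is only sufficient if the code after the hunk (not visible here) joins Filename onto a fixed directory and refuses directory entries. The hex-only RandomID pattern also has to agree with what the GenerateRandomString call in _GenerateSupportBundle produces; that call is cut off in the first hunk, so confirm it supplies a hex-only Dictionary, otherwise legitimately generated bundles would be rejected with "Need RandomID or RandomID invalid!". _DownloadSupportBundle continues beyond the hunk.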
@@ -216,7 +216,7 @@
             }
             $('#DownloadSupportBundle').bind('click', function (Event) {
-                window.location.href = '[% Env("Baselink") %]Action=[% Env("Action") %];Subaction=DownloadSupportBundle;Filename=' + Response.Filename + ';RandomID=' + Response.RandomID;
+                window.location.href = '[% Env("Baselink") %]Action=[% Env("Action") %];Subaction=DownloadSupportBundle;Filename=' + Response.Filename + ';RandomID=' + Response.RandomID + ';ChallengeToken=' + Core.Config.Get('ChallengeToken');
                 Core.UI.Dialog.CloseDialog($('#SupportBundleOptionsDialog'));
             });
         }
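Review bot: The ChallengeToken is now carried in the query string of a navigation GET (`window.location.href`), so it is written to browser history, to web-server and proxy access logs, and to any Referer sent from the download response, which weakens the token that the server-side ChallengeTokenCheck now depends on. Consider submitting the download through a hidden POST form (fields for Action, Subaction, Filename, RandomID and ChallengeToken, submitted from the click handler) instead of assembling a URL, so the token never reaches the address bar. Response.Filename and Response.RandomID are still concatenated into the URL unescaped; wrapping both in `encodeURIComponent()` keeps the link well-formed should a bundle name ever contain `;` or `&`. The enclosing template block opens before the hunk.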