Polycom

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-4684 1Polycom 1Realpresence Resource Manager May 13, 2026 Sep 19, 2017 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to Plc...Show more Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.Show less
CVE-2015-4683 1Polycom 1Realpresence Resource Manager May 13, 2026 Sep 19, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
CVE-2015-4682 1Polycom 1Realpresence Resource Manager May 13, 2026 Sep 19, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
CVE-2015-4681 1Polycom 1Realpresence Resource Manager May 13, 2026 Sep 19, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
CVE-2015-8300 1Polycom 1Btoe Connector May 13, 2026 Aug 28, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse...Show more Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file.Show less
CVE-2017-12857 1Polycom 1Unified Communications Software May 13, 2026 Aug 25, 2017 N/A· v4 8.8 HIGH· v3 4.0 MEDIUM· v2 Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability c...Show more Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.Show less
CVE-2015-1516 1Polycom 1Realpresence Cloudaxis Suite May 6, 2026 Sep 3, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4970 1Polycom 1Hdx System Software Apr 29, 2026 Jan 1, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbi...Show more Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.Show less
CVE-2007-3369 1Polycom 1Soundpoint Ip 601 Apr 23, 2026 Jun 22, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via...Show more Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via header.Show less
CVE-2007-3368 1Polycom 1Soundpoint Ip 650 Apr 23, 2026 Jun 22, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter.
CVE-2006-5233 1Polycom 1Soundpoint Ip 301 Apr 23, 2026 Oct 11, 2006 N/A· v4 N/A· v3 7.8 HIGH· v2 Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as dem...Show more Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script.Show less
CVE-2003-0556 1Polycom 3Mgc 100 Mgc 25Mgc 50 Apr 16, 2026 Aug 18, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester.
CVE-2002-0630 1Polycom 8Viewstation 128 Viewstation 512Viewstation Dcp+5 more Apr 16, 2026 Jan 7, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets.
CVE-2002-0629 1Polycom 8Viewstation 128 Viewstation 512Viewstation Dcp+5 more Apr 16, 2026 Jan 7, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server.
CVE-2002-0628 1Polycom 8Viewstation 128 Viewstation 512Viewstation Dcp+5 more Apr 16, 2026 Jan 7, 2003 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.
CVE-2002-0627 1Polycom 8Viewstation 128 Viewstation 512Viewstation Dcp+5 more Apr 16, 2026 Jan 7, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.
CVE-2002-0626 1Polycom 8Viewstation 128 Viewstation 512Viewstation Dcp+5 more Apr 16, 2026 Jan 7, 2003 N/A· v4 N/A· v3 10.0 HIGH· v2 Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.
CVE-2002-1906 1Polycom 1Viavideo Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.
CVE-2002-1905 1Polycom 1Viavideo Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.

Previous 12