polycom 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥、vendor risk cross-site scripting、バッファオーバーフロー, and vendor risk csrf があり、vendor surface software deployment and vendor surface production workloads の利用場面で アプリケーションクラッシュ、vendor impact memory corruption, and vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2015-4685 | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration. | [email protected] | 7.0 | 1.20% | 2017-09-19 | 2026-06-16 |
| CVE-2015-4684 | Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to Plc | [email protected] | 6.5 | 4.93% | 2017-09-19 | 2026-06-16 |
| CVE-2015-4683 | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. | [email protected] | 9.8 | 6.87% | 2017-09-19 | 2026-06-16 |
| CVE-2015-4682 | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager. | [email protected] | 6.5 | 5.23% | 2017-09-19 | 2026-06-16 |
| CVE-2015-4681 | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | [email protected] | 7.8 | 1.70% | 2017-09-19 | 2026-06-16 |
| CVE-2015-8300 | Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. | [email protected] | 7.8 | 0.55% | 2017-08-28 | 2026-06-16 |
| CVE-2017-12857 | Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information. | [email protected] | 8.8 | 1.62% | 2017-08-25 | 2026-06-16 |
| CVE-2015-1516 | Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 3.5 | 0.83% | 2015-09-03 | 2026-06-16 |
| CVE-2012-4970 | Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 4.3 | 1.15% | 2013-01-01 | 2026-06-16 |
| CVE-2007-3369 | Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via header. | [email protected] | 7.8 | 2.22% | 2007-06-22 | 2026-06-16 |
| CVE-2007-3368 | Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter. | [email protected] | 7.8 | 1.82% | 2007-06-22 | 2026-06-16 |
| CVE-2006-5233 | Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script. | [email protected] | 7.8 | 1.70% | 2006-10-10 | 2026-06-16 |
| CVE-2003-0556 | Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester. | [email protected] | 5.0 | 1.26% | 2003-08-18 | 2026-06-16 |
| CVE-2002-0630 | The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets. | [email protected] | 5.0 | 1.59% | 2003-01-07 | 2026-06-16 |
| CVE-2002-0629 | The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server. | [email protected] | 5.0 | 1.63% | 2003-01-07 | 2026-06-16 |
| CVE-2002-0628 | The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. | [email protected] | 7.5 | 2.19% | 2003-01-07 | 2026-06-16 |
| CVE-2002-0627 | The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests. | [email protected] | 7.5 | 1.64% | 2003-01-07 | 2026-06-16 |
| CVE-2002-0626 | Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities. | [email protected] | 10.0 | 1.80% | 2003-01-07 | 2026-06-16 |
| CVE-2002-1906 | The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open. | [email protected] | 5.0 | 7.12% | 2002-12-31 | 2026-06-16 |
| CVE-2002-1905 | Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | [email protected] | 5.0 | 7.54% | 2002-12-31 | 2026-06-16 |