Aggregates CVE and security vulnerability intelligence across all polycom-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk path handling, vendor risk cross-site scripting, vendor risk buffer overflow, and vendor risk csrf and related problems; some flaws may lead to vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2015-4684 | Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to Plc | [email protected] | 6.5 | 11.36% | 2017-09-19 | 2026-05-13 |
| CVE-2015-4683 | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. | [email protected] | 9.8 | 34.31% | 2017-09-19 | 2026-05-13 |
| CVE-2015-4682 | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager. | [email protected] | 6.5 | 12.34% | 2017-09-19 | 2026-05-13 |
| CVE-2015-4681 | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | [email protected] | 7.8 | 0.52% | 2017-09-19 | 2026-05-13 |
| CVE-2015-8300 | Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. | [email protected] | 7.8 | 0.04% | 2017-08-28 | 2026-05-13 |
| CVE-2017-12857 | Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information. | [email protected] | 8.8 | 0.29% | 2017-08-25 | 2026-05-13 |
| CVE-2015-1516 | Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 3.5 | 0.16% | 2015-09-03 | 2026-05-06 |
| CVE-2012-4970 | Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 4.3 | 0.25% | 2013-01-01 | 2026-04-29 |
| CVE-2007-3369 | Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via header. | [email protected] | 7.8 | 1.68% | 2007-06-22 | 2026-04-23 |
| CVE-2007-3368 | Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter. | [email protected] | 7.8 | 0.88% | 2007-06-22 | 2026-04-23 |
| CVE-2006-5233 | Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script. | [email protected] | 7.8 | 0.80% | 2006-10-11 | 2026-04-23 |
| CVE-2003-0556 | Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester. | [email protected] | 5.0 | 0.66% | 2003-08-18 | 2026-04-16 |
| CVE-2002-0630 | The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets. | [email protected] | 5.0 | 1.32% | 2003-01-07 | 2026-04-16 |
| CVE-2002-0629 | The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server. | [email protected] | 5.0 | 1.32% | 2003-01-07 | 2026-04-16 |
| CVE-2002-0628 | The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. | [email protected] | 7.5 | 1.71% | 2003-01-07 | 2026-04-16 |
| CVE-2002-0627 | The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests. | [email protected] | 7.5 | 0.79% | 2003-01-07 | 2026-04-16 |
| CVE-2002-0626 | Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities. | [email protected] | 10.0 | 0.47% | 2003-01-07 | 2026-04-16 |
| CVE-2002-1906 | The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open. | [email protected] | 5.0 | 5.12% | 2002-12-31 | 2026-04-16 |
| CVE-2002-1905 | Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | [email protected] | 5.0 | 4.35% | 2002-12-31 | 2026-04-16 |