VYPR
Vendor

Polycom

Products
42
CVEs
47
Across products
84
Status
Private

Products

42
View all 42 products →

Recent CVEs

47
View all 47 CVEs →
  • CVE-2015-4683CriSep 19, 2017
    risk 0.67cvss 9.8epss 0.07

    Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.

  • CVE-2025-34093HigJul 10, 2025
    risk 0.58cvss epss 0.02

    An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting…

  • CVE-2018-7565HigMar 7, 2018
    risk 0.57cvss 8.8epss 0.00

    CSRF exists on Polycom QDX 6000 devices.

  • CVE-2017-12857HigAug 25, 2017
    risk 0.57cvss 8.8epss 0.02

    Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a…

  • CVE-2015-4681HigSep 19, 2017
    risk 0.54cvss 7.8epss 0.02

    Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.

  • CVE-2015-8300HigAug 28, 2017
    risk 0.51cvss 7.8epss 0.01

    Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file.

  • CVE-2025-22918HigFeb 3, 2025
    risk 0.49cvss 7.5epss 0.00

    Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information.

  • CVE-2018-12592HigJun 20, 2018
    risk 0.49cvss 7.5epss 0.01

    Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other…

  • CVE-2015-4685HigSep 19, 2017
    risk 0.49cvss 7.0epss 0.01

    Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.

  • CVE-2002-0628HigJan 7, 2003
    risk 0.49cvss 7.5epss 0.02

    The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.

  • CVE-2015-4684MedSep 19, 2017
    risk 0.46cvss 6.5epss 0.05

    Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators…

  • CVE-2015-4682MedSep 19, 2017
    risk 0.46cvss 6.5epss 0.05

    Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.

  • CVE-2018-7564MedMar 7, 2018
    risk 0.40cvss 6.1epss 0.01

    Stored XSS exists on Polycom QDX 6000 devices.

  • CVE-2012-6610Jan 28, 2020
    risk 0.07cvss epss 0.11

    Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature.

  • CVE-2002-1906Dec 31, 2002
    risk 0.04cvss epss 0.07

    The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.

  • CVE-2002-1905Dec 31, 2002
    risk 0.04cvss epss 0.08

    Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.

  • CVE-2023-4468Dec 29, 2023
    risk 0.00cvss epss 0.00

    A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack…

  • CVE-2023-4466Dec 29, 2023
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be…

  • CVE-2023-4465Dec 29, 2023
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101,…

  • CVE-2023-4464Dec 29, 2023
    risk 0.00cvss epss 0.03

    A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101,…