Accessibility Skip to content

As of August 29, 2022, HP Inc. completed the acquisition of Poly. For HP product support, please visit the HP Customer Support site.

Poly Security Center

Security is our Top Priority

At Poly, information security is a top priority across all our products and services. We support the discovery and reporting of vulnerabilities to increase the security posture of our products. We welcome and encourage members of the security research community to bring any vulnerability to our attention, we will work in a coordinated manner so that security fixes can be delivered to the Poly user base securely and openly.

Contact Info

To contact the Poly Product Security Office (PSO) or to report a product security issue, please email security@poly.com

Additional Information

Poly’s Product Vulnerability Disclosure Policy can be found here.

Whitepapers for security and privacy related information for Poly products and services can be found here.

Latest Security Advisories

 

ID

Description

Date Posted

Last Update


PLYVC22-01 UC Software – Heap-based Buffer Overflow 12/16/2022 12/16/2022

PLYGN22-05 Poly Systems - OpenSSl 3.X Vulnerabilities Impact 11/03/2022 11/03/2022

PLYUI22-04 RPRM - Improper Restriction of XML External Entity Reference 09/16/2022 09/16/2022

PLYVC22-03 Trio 8800 - Uncontrolled Resource Consumption 09/16/2022 09/16/2022

PLYVC22-02 Trio 8800 - Improper Control of Generation of Code 09/16/2022 09/16/2022

 

SECURITY ADVISORIES BY PRODUCT TYPE

 

ID

Description

Date Posted

Last Update

 

PLYPL20-07 Poly Systems - KNOB and BIAS Bluetooth Impact 7/21/2020 3/8/2022

 

 

ID

Description

Date Posted

Last Update

 

PLYVC22-01 UC Software – Heap-based Buffer Overflow 12/16/2022 12/16/2022

PLYVC22-03 Trio 8800 - Uncontrolled Resource Consumption 09/16/2022 09/16/2022

PLYVC22-02 Trio 8800 - Improper Control of Generation of Code 09/16/2022 09/16/2022

PLYVC21-06 CX5500 - Improper Neutralization of Special Elements used in an OS Comman 9/7/2021 3/9/2022

PLYVC21-05 UC Software - Exposure of Sensitive Information to an Unauthorized Actor 4/29/2021 3/10/2022

PLYVC21-04 UC Software - Exposure of Sensitive Information to an Unauthorized Actor 2/22/2021 3/10/2022

PLYVC20-04 UC Software - Improper Neutralization of Input During Web Page Generation & Cross-Site Request Forgery 4/1/2020 3/8/2022

PLYVC20-02 CCX - UI does not properly restrict User 1/22/2020 3/8/2022

PLYVC20-01 Poly Systems – VxWorks OS “URGENT/11” Impact 12/19/2020 12/19/2020

PLYVC19-07 OBi1022 - Improper Neutralization of Special Elements used in an OS Command 8/7/2019 3/7/2022

PLYVC19-06 Polycom UC Software - Exposed Dangerous Method or Function 7/26/2019 3/7/2022

PLYVC19-05 VVX - Exposure of Sensitive Information to an Unauthorized Actor 6/17/2019 3/7/2022

PLYVC19-04 VVX - Use of Hard-coded Credentials 4/23/2019 3/7/2022

PLYVC18-10 Trio Devices - Improper Neutralization of Input During Web Page Generation 9/13/2018 3/14/2022

PLYVC18-09 Trio Devices - Incorrect Permission Assignment for Critical Resource 11/1/2018 3/14/2022

PLYVC18-05 UC Software - Exposure of Sensitive Information to an Unauthorized Actor 6/25/2018 3/14/2022

PLYVC17-04 UC Software - Improper Restriction of Operations within the Bounds of a Memory Buffer 9/13/2017 3/14/2022

 

 

ID

Description

Date Posted

Last Update

 

PLYUI22-04 RPRM - Improper Restriction of XML External Entity Reference 09/16/2022 09/16/2022

PLYTV21-07 Plantronics Hub - Improper Access Control 6/10/2021 3/9/2022

PLYAP19-08 Plantronics Hub - Privilege Defined With Unsafe Actions 8/30/2019 3/7/2022

 

 

ID

Description

Date Posted

Last Update

 

PLYPL21-12 EEDII – Multiple Security Vulnerabilities 3/7/2022 3/7/2022

PLYPL21-11 EEDII – Multiple Security Vulnerabilities 3/7/2022 3/7/2022

PLYTV21-10 Studio X50 – Insertion of Sensitive Information into Log File 3/7/2022 3/7/2022

PLYTV21-09 Studio X50 – Improper Neutralization of Special Elements used in an OS Command 3/7/2022 3/7/2022

PLYUI20-08 RealPresence Resource Manager - Netlogon Impact 9/24/2020 3/8/2022

PLYPL20-06 Studio - Logging of Excessive Data 6/26/2020 3/8/2022

PLYTV20-03 HDX - Disable TLS 1.0 3/9/2020 3/8/2022

PLYTV19-03 HDX - Multiple Web UI Vulnerabilities 4/26/2019 3/7/2022

PLYTV19-02 HDX - Botnet Attacks 2/20/2019 3/7/2022

PLYTV18-11 Multiple Video Conferencing Products - Improper Restriction of Operations within the Bounds of a Memory Buffer 11/1/2018 3/14/2022

PLYTV18-08 HDX - Omni Botnet 8/8/2018 3/14/2022

PLYUI18-04 RealPresence WebSuite - Exposure of Private Personal Information to an Unauthorized Actor 6/18/2018 3/14/2022

PLYTV18-03 RealPresence Debut - Multiple Web UI Vulnerabilities 5/10/2018 3/14/2022

PLYTV18-02 QDX 6000 - Improper Neutralization of Input During Web Page Generation & Cross-Site Request Forgery 3/2/2018 3/14/2022

PLYTV17-07 HDX - Improper Neutralization of Special Elements used in an OS Command 11/15/2017 3/14/2022

PLYTV17-06 HDX - Improper Neutralization of Special Elements used in an OS Command 10/16/2017 3/14/2022

 


PLY16-04 HDX - Improper Restriction of XML External Entity Reference 6/29/2016 3/11/2022

 


PLYUI13-07 RealPresence Resource Manager - Jboss Application Server Impact 12/20/2013 3/4/2022

 


PLYTV13-06 HDX - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 5/7/2013 3/4/2022

 


PLYTV13-05 HDX - Improper Neutralization of Special Elements used in a Command ('Command Injection') 3/13/2013 3/4/2022

 


PLYTV13-04 HDX - Execution with Unnecessary Privileges 3/13/2013 3/3/2022

 


PLYTV13-02 HDX - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 3/13/2013 3/3/2022

 


PLYTV13-01 HDX - Improper Verification of Cryptographic Signature 3/13/2013 3/3/2022

 

 

ID

Description

Date Posted

Last Update

 

PLYGN22-05 Poly Systems - OpenSSl 3.X Vulnerabilities Impact 11/03/2022 11/03/2022

PLYTV21-08 Vulnerability in Apache Log4j Affecting Poly Systems 12/13/2021 2/23/2022

PLYGN21-03 Poly Systems - SIP Provisioning Attacks 2/24/2021 3/9/2022

PLYGN21-02 Poly ZTP - Exposure of Sensitive Information to an Unauthorized Actor 2/22/2021 3/10/2022

PLYGN21-01 Poly Systems – Solar Winds Impact 1/20/2021 3/9/2022

PLYGN19-01 Unified Communications - Persistent Cyber Threats Awareness 1/18/2019 3/7/2022

PLYGN18-07 Poly Systems - Microsoft O365 TLS Version Support 7/5/2018 3/14/2022

PLYGN18-01 Poly Systems - Spectre and Meltdown 7/12/2018 3/14/2022

PLYGN17-05 Poly Systems - BlueBorne Impact 9/25/2017 3/14/2022

 


PLYGN17-03 Poly Systems - Samba and SambaCry Impact 9/13/2017 3/14/2022

 


PLYGN17-02 Poly Systems - WannaCry Impact 5/16/2017 3/14/2022

 


PLYVC17-01 Poly Systems - Apache Struts Impact 3/21/2017 3/14/2022

 


PLYGN16-06 Poly Systems - Dirty Cow Linux Kernel Impact 10/26/2016 3/11/2022

 


PLYGN16-03 Poly Systems - DROWN Impact 3/8/2016 3/11/2022

 


PLYGN16-02 Poly Systems - GNU glibc DNS Impact 2/23/2016 3/11/2022

 


PLYGN16-01 Poly Systems - H323 and SIP AES Encryption Impact 2/3/2016 3/11/2022

 


PLYGN14-23 Poly Systems - H323 & SIP Botnet Calling 11/18/2014 3/8/2022

PLYGN14-03 Poly Systems - Multiple Bash Vulnerabilities (Shellshock) 9/25/2014 3/4/2022

PLYGN14-02 Poly Systems - Multiple Open SSL Vulnerabilities Impact 6/13/2014 3/4/2022

PLYGN14-01 Poly Systms - HeartBleed Impact 4/9/2014 3/4/2022

 

Security Advisories by Year

2022

 

ID

Description

Date Posted

Last Update


PLYVC22-01 UC Software – Heap-based Buffer Overflow 12/16/2022 12/16/2022

PLYGN22-05 Poly Systems - OpenSSl 3.X Vulnerabilities Impact 11/03/2022 11/03/2022

PLYUI22-04 RPRM - Improper Restriction of XML External Entity Reference 09/16/2022 09/16/2022

PLYVC22-03 Trio 8800 - Uncontrolled Resource Consumption 09/16/2022 09/16/2022

PLYVC22-02 Trio 8800 - Improper Control of Generation of Code 09/16/2022 09/16/2022

 

 

ID

Description

Date Posted

Last Update

 

PLYUI20-08 RealPresence Resource Manager - Netlogon Impact 9/24/2020 3/8/2022

 

PLYPL20-07 Poly Systems - KNOB and BIAS Bluetooth Impact 7/21/2020 3/8/2022

 

PLYPL20-06 Studio - Logging of Excessive Data 6/26/2020 3/8/2022

 

PLYVC20-04 UC Software - Improper Neutralization of Input During Web Page Generation & Cross-Site Request Forgery 4/1/2020 3/8/2022

 

PLYTV20-03 HDX - Disable TLS 1.0 3/9/2020 3/8/2022

 

PLYVC20-02 CCX - UI does not properly restrict User 1/22/2020 3/8/2022

 

PLYVC20-01 Poly Systems – VxWorks OS “URGENT/11” Impact 12/19/2020 12/19/2020

 

 

ID

Description

Date Posted

Last Update

 

PLYAP19-08 Plantronics Hub - Privilege Defined With Unsafe Actions 8/30/2019 3/7/2022

 

PLYVC19-07 OBi1022 - Improper Neutralization of Special Elements used in an OS Command 8/7/2019 3/7/2022

 

PLYVC19-06 Polycom UC Software - Exposed Dangerous Method or Function 7/26/2019 3/7/2022

 

PLYVC19-05 VVX - Exposure of Sensitive Information to an Unauthorized Actor 6/17/2019 3/7/2022

 

PLYVC19-04 VVX - Use of Hard-coded Credentials 4/23/2019 3/7/2022

 

PLYTV19-03 HDX - Multiple Web UI Vulnerabilities 4/26/2019 3/7/2022

 

PLYTV19-02 HDX - Botnet Attacks 2/20/2019 3/7/2022

 

PLYGN19-01 Unified Communications - Persistent Cyber Threats Awareness 1/18/2019 3/7/2022

 

 

ID

Description

Date Posted

Last Update

 

PLYTV17-07 HDX - Improper Neutralization of Special Elements used in an OS Command 11/15/2017 3/14/2022

 


PLYTV17-06 HDX - Improper Neutralization of Special Elements used in an OS Command 10/16/2017 3/14/2022

 


PLYGN17-05 Poly Systems - BlueBorne Impact 9/25/2017 3/14/2022

 


PLYVC17-04 UC Software - Improper Restriction of Operations within the Bounds of a Memory Buffer 9/13/2017 3/14/2022

 


PLYGN17-03 Poly Systems - Samba and SambaCry Impact 9/13/2017 3/14/2022

 


PLYGN17-02 Poly Systems - WannaCry Impact 5/16/2017 3/14/2022

 


PLYVC17-01 Poly Systems - Apache Struts Impact 3/21/2017 3/14/2022

 

 

ID

Description

Date Posted

Last Update

 

PLYGN16-06 Poly Systems - Dirty Cow Linux Kernel Impact 10/26/2016 3/11/2022

 


PLYTV16-05 HDX - Improper Neutralization of Input During Web Page Generation & Cross-Site Request Forgery 6/29/2016 3/11/2022

 


PLY16-04 HDX - Improper Restriction of XML External Entity Reference 6/29/2016 3/11/2022

 


PLYGN16-03 Poly Systems - DROWN Impact 3/8/2016 3/11/2022

 


PLYGN16-02 Poly Systems - GNU glibc DNS Impact 2/23/2016 3/11/2022

 


PLYGN16-01 Poly Systems - H323 and SIP AES Encryption Impact 2/3/2016 3/11/2022

 

 

ID

Description

Date Posted

Last Update

 

PLYGN14-23 Poly Systems - H323 & SIP Botnet Calling 11/18/2014 3/8/2022

PLYGN14-03 Poly Systems - Multiple Bash Vulnerabilities (Shellshock) 9/25/2014 3/4/2022

PLYGN14-02 Poly Systems - Multiple Open SSL Vulnerabilities Impact 6/13/2014 3/4/2022

PLYGN14-01 Poly Systms - HeartBleed Impact 4/9/2014 3/4/2022