ID |
Description |
Date Posted |
Last Update |
| PLYPL20-07 | Poly Systems - KNOB and BIAS Bluetooth Impact | 7/21/2020 | 3/8/2022 |
Accessibility
Skip to content
As of August 29, 2022, HP Inc. completed the acquisition of Poly. For HP product support, please visit the HP Customer Support site.
Security is our Top Priority
At Poly, information security is a top priority across all our products and services. We support the discovery and reporting of vulnerabilities to increase the security posture of our products. We welcome and encourage members of the security research community to bring any vulnerability to our attention, we will work in a coordinated manner so that security fixes can be delivered to the Poly user base securely and openly.
Contact Info
To contact the Poly Product Security Office (PSO) or to report a product security issue, please email security@poly.com
Additional Information
Poly’s Product Vulnerability Disclosure Policy can be found here.
Whitepapers for security and privacy related information for Poly products and services can be found here.
Latest Security Advisories
Description |
Date Posted |
Last Update |
| PLYVC22-01 | UC Software – Heap-based Buffer Overflow | 12/16/2022 | 12/16/2022 |
| PLYGN22-05 | Poly Systems - OpenSSl 3.X Vulnerabilities Impact | 11/03/2022 | 11/03/2022 |
| PLYUI22-04 | RPRM - Improper Restriction of XML External Entity Reference | 09/16/2022 | 09/16/2022 |
| PLYVC22-03 | Trio 8800 - Uncontrolled Resource Consumption | 09/16/2022 | 09/16/2022 |
| PLYVC22-02 | Trio 8800 - Improper Control of Generation of Code | 09/16/2022 | 09/16/2022 |
SECURITY ADVISORIES BY PRODUCT TYPE
Personal Devices
Business and Conference Phones
ID |
Description |
Date Posted |
Last Update |
| PLYVC22-01 | UC Software – Heap-based Buffer Overflow | 12/16/2022 | 12/16/2022 |
| PLYVC22-03 | Trio 8800 - Uncontrolled Resource Consumption | 09/16/2022 | 09/16/2022 |
| PLYVC22-02 | Trio 8800 - Improper Control of Generation of Code | 09/16/2022 | 09/16/2022 |
| PLYVC21-06 | CX5500 - Improper Neutralization of Special Elements used in an OS Comman | 9/7/2021 | 3/9/2022 |
| PLYVC21-05 | UC Software - Exposure of Sensitive Information to an Unauthorized Actor | 4/29/2021 | 3/10/2022 |
| PLYVC21-04 | UC Software - Exposure of Sensitive Information to an Unauthorized Actor | 2/22/2021 | 3/10/2022 |
| PLYVC20-04 | UC Software - Improper Neutralization of Input During Web Page Generation & Cross-Site Request Forgery | 4/1/2020 | 3/8/2022 |
| PLYVC20-02 | CCX - UI does not properly restrict User | 1/22/2020 | 3/8/2022 |
| PLYVC20-01 | Poly Systems – VxWorks OS “URGENT/11” Impact | 12/19/2020 | 12/19/2020 |
| PLYVC19-07 | OBi1022 - Improper Neutralization of Special Elements used in an OS Command | 8/7/2019 | 3/7/2022 |
| PLYVC19-06 | Polycom UC Software - Exposed Dangerous Method or Function | 7/26/2019 | 3/7/2022 |
| PLYVC19-05 | VVX - Exposure of Sensitive Information to an Unauthorized Actor | 6/17/2019 | 3/7/2022 |
| PLYVC19-04 | VVX - Use of Hard-coded Credentials | 4/23/2019 | 3/7/2022 |
| PLYVC18-10 | Trio Devices - Improper Neutralization of Input During Web Page Generation | 9/13/2018 | 3/14/2022 |
| PLYVC18-09 | Trio Devices - Incorrect Permission Assignment for Critical Resource | 11/1/2018 | 3/14/2022 |
| PLYVC18-05 | UC Software - Exposure of Sensitive Information to an Unauthorized Actor | 6/25/2018 | 3/14/2022 |
| PLYVC17-04 | UC Software - Improper Restriction of Operations within the Bounds of a Memory Buffer | 9/13/2017 | 3/14/2022 |
Cloud Services and Apps
ID |
Description |
Date Posted |
Last Update |
| PLYUI22-04 | RPRM - Improper Restriction of XML External Entity Reference | 09/16/2022 | 09/16/2022 |
| PLYTV21-07 | Plantronics Hub - Improper Access Control | 6/10/2021 | 3/9/2022 |
| PLYAP19-08 | Plantronics Hub - Privilege Defined With Unsafe Actions | 8/30/2019 | 3/7/2022 |
Video Conferencing
ID |
Description |
Date Posted |
Last Update |
| PLYPL21-12 | EEDII – Multiple Security Vulnerabilities | 3/7/2022 | 3/7/2022 |
| PLYPL21-11 | EEDII – Multiple Security Vulnerabilities | 3/7/2022 | 3/7/2022 |
| PLYTV21-10 | Studio X50 – Insertion of Sensitive Information into Log File | 3/7/2022 | 3/7/2022 |
| PLYTV21-09 | Studio X50 – Improper Neutralization of Special Elements used in an OS Command | 3/7/2022 | 3/7/2022 |
| PLYUI20-08 | RealPresence Resource Manager - Netlogon Impact | 9/24/2020 | 3/8/2022 |
| PLYPL20-06 | Studio - Logging of Excessive Data | 6/26/2020 | 3/8/2022 |
| PLYTV20-03 | HDX - Disable TLS 1.0 | 3/9/2020 | 3/8/2022 |
| PLYTV19-03 | HDX - Multiple Web UI Vulnerabilities | 4/26/2019 | 3/7/2022 |
| PLYTV19-02 | HDX - Botnet Attacks | 2/20/2019 | 3/7/2022 |
| PLYTV18-11 | Multiple Video Conferencing Products - Improper Restriction of Operations within the Bounds of a Memory Buffer | 11/1/2018 | 3/14/2022 |
| PLYTV18-08 | HDX - Omni Botnet | 8/8/2018 | 3/14/2022 |
| PLYUI18-04 | RealPresence WebSuite - Exposure of Private Personal Information to an Unauthorized Actor | 6/18/2018 | 3/14/2022 |
| PLYTV18-03 | RealPresence Debut - Multiple Web UI Vulnerabilities | 5/10/2018 | 3/14/2022 |
| PLYTV18-02 | QDX 6000 - Improper Neutralization of Input During Web Page Generation & Cross-Site Request Forgery | 3/2/2018 | 3/14/2022 |
| PLYTV17-07 | HDX - Improper Neutralization of Special Elements used in an OS Command | 11/15/2017 | 3/14/2022 |
| PLYTV17-06 | HDX - Improper Neutralization of Special Elements used in an OS Command | 10/16/2017 | 3/14/2022 |
| PLY16-04 | HDX - Improper Restriction of XML External Entity Reference | 6/29/2016 | 3/11/2022 |
| PLYUI13-07 | RealPresence Resource Manager - Jboss Application Server Impact | 12/20/2013 | 3/4/2022 |
| PLYTV13-06 | HDX - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | 5/7/2013 | 3/4/2022 |
| PLYTV13-05 | HDX - Improper Neutralization of Special Elements used in a Command ('Command Injection') | 3/13/2013 | 3/4/2022 |
| PLYTV13-04 | HDX - Execution with Unnecessary Privileges | 3/13/2013 | 3/3/2022 |
| PLYTV13-02 | HDX - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 3/13/2013 | 3/3/2022 |
| PLYTV13-01 | HDX - Improper Verification of Cryptographic Signature | 3/13/2013 | 3/3/2022 |
General
ID |
Description |
Date Posted |
Last Update |
| PLYGN22-05 | Poly Systems - OpenSSl 3.X Vulnerabilities Impact | 11/03/2022 | 11/03/2022 |
| PLYTV21-08 | Vulnerability in Apache Log4j Affecting Poly Systems | 12/13/2021 | 2/23/2022 |
| PLYGN21-03 | Poly Systems - SIP Provisioning Attacks | 2/24/2021 | 3/9/2022 |
| PLYGN21-02 | Poly ZTP - Exposure of Sensitive Information to an Unauthorized Actor | 2/22/2021 | 3/10/2022 |
| PLYGN21-01 | Poly Systems – Solar Winds Impact | 1/20/2021 | 3/9/2022 |
| PLYGN19-01 | Unified Communications - Persistent Cyber Threats Awareness | 1/18/2019 | 3/7/2022 |
| PLYGN18-07 | Poly Systems - Microsoft O365 TLS Version Support | 7/5/2018 | 3/14/2022 |
| PLYGN18-01 | Poly Systems - Spectre and Meltdown | 7/12/2018 | 3/14/2022 |
| PLYGN17-05 | Poly Systems - BlueBorne Impact | 9/25/2017 | 3/14/2022 |
| PLYGN17-03 | Poly Systems - Samba and SambaCry Impact | 9/13/2017 | 3/14/2022 |
| PLYGN17-02 | Poly Systems - WannaCry Impact | 5/16/2017 | 3/14/2022 |
| PLYVC17-01 | Poly Systems - Apache Struts Impact | 3/21/2017 | 3/14/2022 |
| PLYGN16-06 | Poly Systems - Dirty Cow Linux Kernel Impact | 10/26/2016 | 3/11/2022 |
| PLYGN16-03 | Poly Systems - DROWN Impact | 3/8/2016 | 3/11/2022 |
| PLYGN16-02 | Poly Systems - GNU glibc DNS Impact | 2/23/2016 | 3/11/2022 |
| PLYGN16-01 | Poly Systems - H323 and SIP AES Encryption Impact | 2/3/2016 | 3/11/2022 |
| PLYGN14-23 | Poly Systems - H323 & SIP Botnet Calling | 11/18/2014 | 3/8/2022 |
| PLYGN14-03 | Poly Systems - Multiple Bash Vulnerabilities (Shellshock) | 9/25/2014 | 3/4/2022 |
| PLYGN14-02 | Poly Systems - Multiple Open SSL Vulnerabilities Impact | 6/13/2014 | 3/4/2022 |
| PLYGN14-01 | Poly Systms - HeartBleed Impact | 4/9/2014 | 3/4/2022 |
Security Advisories by Year
2022
Description |
Date Posted |
Last Update |
| PLYVC22-01 | UC Software – Heap-based Buffer Overflow | 12/16/2022 | 12/16/2022 |
| PLYGN22-05 | Poly Systems - OpenSSl 3.X Vulnerabilities Impact | 11/03/2022 | 11/03/2022 |
| PLYUI22-04 | RPRM - Improper Restriction of XML External Entity Reference | 09/16/2022 | 09/16/2022 |
| PLYVC22-03 | Trio 8800 - Uncontrolled Resource Consumption | 09/16/2022 | 09/16/2022 |
| PLYVC22-02 | Trio 8800 - Improper Control of Generation of Code | 09/16/2022 | 09/16/2022 |
2021
ID |
Description |
Date Posted |
Last Update |
| PLYPL21-12 | EEDII – Multiple Security Vulnerabilities | 3/7/2022 | 3/7/2022 |
| PLYPL21-11 | EEDII – Multiple Security Vulnerabilities | 3/7/2022 | 3/7/2022 |
| PLYTV21-10 | Studio X50 – Insertion of Sensitive Information into Log File | 3/7/2022 | 3/7/2022 |
| PLYTV21-09 | Studio X50 – Improper Neutralization of Special Elements used in an OS Command | 3/7/2022 | 3/7/2022 |
| PLYTV21-08 | Vulnerability in Apache Log4j Affecting Poly Systems | 12/13/2021 | 2/23/2022 |
| PLYTV21-07 | Plantronics Hub - Improper Access Control | 6/10/2021 | 3/9/2022 |
| PLYVC21-06 | CX5500 - Improper Neutralization of Special Elements used in an OS Comman | 9/7/2021 | 3/9/2022 |
| PLYVC21-05 | UC Software - Exposure of Sensitive Information to an Unauthorized Actor | 4/29/2021 | 3/10/2022 |
| PLYVC21-04 | UC Software - Exposure of Sensitive Information to an Unauthorized Actor | 2/22/2021 | 3/10/2022 |
| PLYGN21-03 | Poly Systems - SIP Provisioning Attacks | 3/9/2022 | 2/24/2021 |
| PLYGN21-02 | Poly ZTP - Exposure of Sensitive Information to an Unauthorized Actor | 2/22/2021 | 3/10/2022 |
| PLYGN21-01 | Poly Systems – Solar Winds Impact | 1/20/2021 | 3/9/2022 |
2020
ID |
Description |
Date Posted |
Last Update |
| PLYUI20-08 | RealPresence Resource Manager - Netlogon Impact | 9/24/2020 | 3/8/2022 |
| PLYPL20-07 | Poly Systems - KNOB and BIAS Bluetooth Impact | 7/21/2020 | 3/8/2022 |
| PLYPL20-06 | Studio - Logging of Excessive Data | 6/26/2020 | 3/8/2022 |
| PLYVC20-04 | UC Software - Improper Neutralization of Input During Web Page Generation & Cross-Site Request Forgery | 4/1/2020 | 3/8/2022 |
| PLYTV20-03 | HDX - Disable TLS 1.0 | 3/9/2020 | 3/8/2022 |
| PLYVC20-02 | CCX - UI does not properly restrict User | 1/22/2020 | 3/8/2022 |
| PLYVC20-01 | Poly Systems – VxWorks OS “URGENT/11” Impact | 12/19/2020 | 12/19/2020 |
2019
ID |
Description |
Date Posted |
Last Update |
| PLYAP19-08 | Plantronics Hub - Privilege Defined With Unsafe Actions | 8/30/2019 | 3/7/2022 |
| PLYVC19-07 | OBi1022 - Improper Neutralization of Special Elements used in an OS Command | 8/7/2019 | 3/7/2022 |
| PLYVC19-06 | Polycom UC Software - Exposed Dangerous Method or Function | 7/26/2019 | 3/7/2022 |
| PLYVC19-05 | VVX - Exposure of Sensitive Information to an Unauthorized Actor | 6/17/2019 | 3/7/2022 |
| PLYVC19-04 | VVX - Use of Hard-coded Credentials | 4/23/2019 | 3/7/2022 |
| PLYTV19-03 | HDX - Multiple Web UI Vulnerabilities | 4/26/2019 | 3/7/2022 |
| PLYTV19-02 | HDX - Botnet Attacks | 2/20/2019 | 3/7/2022 |
| PLYGN19-01 | Unified Communications - Persistent Cyber Threats Awareness | 1/18/2019 | 3/7/2022 |
2018
ID |
Description |
Date Posted |
Last Update |
| PLYTV18-11 | Multiple Video Conferencing Products - Improper Restriction of Operations within the Bounds of a Memory Buffer | 11/1/2018 | 3/14/2022 |
| PLYVC18-10 | Trio Devices - Improper Neutralization of Input During Web Page Generation | 9/13/2018 | 3/14/2022 |
| PLYVC18-09 | Trio Devices - Incorrect Permission Assignment for Critical Resource | 11/1/2018 | 3/14/2022 |
| PLYTV18-08 | HDX - Omni Botnet | 8/8/2018 | 3/14/2022 |
| PLYGN18-07 | Poly Systems - Microsoft O365 TLS Version Support | 7/5/2018 | 3/14/2022 |
| PLYVC18-06 | UC Software - Weak Encoding for Password | 6/25/2018 | 3/14/2022 |
| PLYVC18-05 | UC Software - Exposure of Sensitive Information to an Unauthorized Actor | 6/25/2018 | 3/14/2022 |
| PLYUI18-04 | RealPresence WebSuite - Exposure of Private Personal Information to an Unauthorized Actor | 6/18/2018 | 3/14/2022 |
| PLYTV18-03 | RealPresence Debut - Multiple Web UI Vulnerabilities | 5/10/2018 | 3/14/2022 |
| PLYTV18-02 | QDX 6000 - Improper Neutralization of Input During Web Page Generation & Cross-Site Request Forgery | 3/2/2018 | 3/14/2022 |
| PLYGN18-01 | Poly Systems - Spectre and Meltdown | 7/12/2018 | 3/14/2022 |
2017
ID |
Description |
Date Posted |
Last Update |
| PLYTV17-07 | HDX - Improper Neutralization of Special Elements used in an OS Command | 11/15/2017 | 3/14/2022 |
| PLYTV17-06 | HDX - Improper Neutralization of Special Elements used in an OS Command | 10/16/2017 | 3/14/2022 |
| PLYGN17-05 | Poly Systems - BlueBorne Impact | 9/25/2017 | 3/14/2022 |
| PLYVC17-04 | UC Software - Improper Restriction of Operations within the Bounds of a Memory Buffer | 9/13/2017 | 3/14/2022 |
| PLYGN17-03 | Poly Systems - Samba and SambaCry Impact | 9/13/2017 | 3/14/2022 |
| PLYGN17-02 | Poly Systems - WannaCry Impact | 5/16/2017 | 3/14/2022 |
| PLYVC17-01 | Poly Systems - Apache Struts Impact | 3/21/2017 | 3/14/2022 |
2016
ID |
Description |
Date Posted |
Last Update |
| PLYGN16-06 | Poly Systems - Dirty Cow Linux Kernel Impact | 10/26/2016 | 3/11/2022 |
| PLYTV16-05 | HDX - Improper Neutralization of Input During Web Page Generation & Cross-Site Request Forgery | 6/29/2016 | 3/11/2022 |
| PLY16-04 | HDX - Improper Restriction of XML External Entity Reference | 6/29/2016 | 3/11/2022 |
| PLYGN16-03 | Poly Systems - DROWN Impact | 3/8/2016 | 3/11/2022 |
| PLYGN16-02 | Poly Systems - GNU glibc DNS Impact | 2/23/2016 | 3/11/2022 |
| PLYGN16-01 | Poly Systems - H323 and SIP AES Encryption Impact | 2/3/2016 | 3/11/2022 |
2015
ID |
Description |
Date Posted |
Last Update |
| PLYUC15-11 | RPCS/RPMS Appliances - Exposure of Sensitive System Information to an Unauthorized Control Sphere | 12/16/2015 | 3/11/2022 |
| PLYVC15-10 | UC Software - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 12/9/2015 | 3/11/2022 |
| PLYUC15-09 | RPRM - Multiple Vulnerabilities | 6/26/2015 | 3/11/2022 |
| PLYTV15-08 | Group Series - Execution with Unnecessary Privileges | 6/23/2015 | 3/11/2022 |
| PLYTV15-07 | Group Series - Exposure of Sensitive System Information to an Unauthorized Control Sphere | 6/23/2015 | 3/11/2022 |
| PLYTV15-06 | Group Series - Exposure of Sensitive Information to an Unauthorized Actor | 6/23/2015 | 6/23/2015 |
| PLYTV15-05 | Group Series - Insufficient Entropy | 6/23/2015 | 3/11/2022 |
| PLYTV15-04 | Polycom Systems - Tomcat Denial of Service Impact | 6/17/2015 | 3/11/2022 |
| PLYTV15-03 | Polycom Systems - Leap Second Impac | 6/15/2015 | 3/11/2022 |
| PLYTV15-02 | Polycom Systems - Logjam Impact | 1/29/2015 | 3/11/2022 |
| PLYTV15-01 | Polycom Systems - GHOST Impact | 1/29/2015 | 3/11/2022 |
2014
ID |
Description |
Date Posted |
Last Update |
| PLYGN14-23 | Poly Systems - H323 & SIP Botnet Calling | 11/18/2014 | 3/8/2022 |
| PLYGN14-03 | Poly Systems - Multiple Bash Vulnerabilities (Shellshock) | 9/25/2014 | 3/4/2022 |
| PLYGN14-02 | Poly Systems - Multiple Open SSL Vulnerabilities Impact | 6/13/2014 | 3/4/2022 |
| PLYGN14-01 | Poly Systms - HeartBleed Impact | 4/9/2014 | 3/4/2022 |
2013
ID |
Description |
Date Posted |
Last Update |
| PLYUI13-07 | RealPresence Resource Manager - Jboss Application Server Impact | 12/20/2013 | 3/4/2022 |
| PLYTV13-06 | HDX - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | 5/7/2013 | 3/4/2022 |
| PLYTV13-05 | HDX - Improper Neutralization of Special Elements used in a Command ('Command Injection') | 3/13/2013 | 3/4/2022 |
| PLYTV13-04 | HDX - Execution with Unnecessary Privileges | 3/13/2013 | 3/3/2022 |
| PLYTV13-02 | HDX - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 3/13/2013 | 3/3/2022 |
| PLYTV13-01 | HDX - Improper Verification of Cryptographic Signature | 3/13/2013 | 3/3/2022 |