cvedb.io
CVE-2015-4684
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2017-09-19T19:29:00.437 · Last modified 2026-06-17T00:27:43.680

Summary

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.

Affected products

polycom — realpresence_resource_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when polycom ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.