Plantronics + Polycom. Now together as Poly Logo

Frequent Visitor

 This page (http://www.polycom.com/security) provides security information like  FAQs, Polycom's UC Security Best Practice document as well as a link to the Polycom Security Center, where security advisories are posted.  There are also links to government certifications, for example FIPS 140 certificates for Polycom products.

 

There's also a form there that allows you to report a security problem that you've found in a Polycom product.

Polycom Employee

If you've deployed Polycom RealPresence Resource Manager (RPRM) including Polycom RealPresence Video DualManager 400 (VDM), then please take a moment and read Security Bulletin 5471: Security Advisory Relating to JBoss Application Server on RealPresence Resou....  

 

The underlying issue is that the internal JBoss Application Server is vulnerable to remote command execution via the ‘HTTP Invoker’ service that provides Remote Method Invocation (RMI over HTTP). Access to the URLs ‘/invoker/EJBInvokerServlet’or ‘/invoker/JMXInvokerServlet’ with detached invoker operation via an HTTP POST request can be used to deploy a malicious remote Web Application Archive. 

 

What does this mean?  If you use RPRM version 7.x up through and including the just released 8.1.0 then please read the security bulletin and contact Polycom Support for a patch. 

 

In general, all security bulletins are available at the Polycom Security Center.  They are also available via RSS Feed

Announcements
Welcome to the Polycom Techie Blog! Please feel free to comment on our articles!