Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
seclists.org/fulldisclosure/2015/Jun/81
www.securityfocus.com/archive/1/535852/100/0/threaded
www.securityfocus.com/bid/75432
support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
www.exploit-db.com/exploits/37449/