For many environments that have VCS platforms running 7.x where they are not ready to migrate to 8.x – Cisco has confirmed, in the following defect/bug explanation, that VCS 7.2.3 is not vulnerable to the Heartbleed Vulnerability. The release notes of VCS 7.2.3 do not, in fact, state that the vulnerability is addressed in the 7.2.3 release but the language for the specific VCS bug below clarifies the issue.
Cisco TelePresence Video Communication Server (VCS) [CSCuo16472] [*]
See specific language from the defect link above is here:
Customers running versions X7.2, X7.2.1, X7.2.2 or X7.2.3 RC2 are recommended to upgrade to version X7.2.3 or later.