- Plesk 12.5 for Windows
- Plesk Onyx 17.5 for Windows
Vulnerability CVE-2017-3634 was discovered in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier shipped as a client database server with Plesk 17.5 and earlier for Windows.
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server.
Plesk Admin MySQL Server is not affected. Plesk 17.8 and later is not affected as it ships higher MySQL Server versions. Only client MySQL Server on Plesk 17.5 and earlier versions are affected.
Call to Action
Upgrade to Plesk Onyx 17.8
Alternatively, it is possible to manually upgrade client MySQL Server to a non-vulnerable version according to the following articles: