- Plesk for Windows
There are multiple vulnerabilities discovered in Oracle MySQL server Oracle MySQL Risk Matrix
- Admin's MySQL:
- MySQL Server 5.7.21 with Plesk 17.8.
- MySQL Server 5.5.57 with Plesk 17.5.
- MySQL Server 5.5.52 with Plesk 17.0.
- Clients' MySQL:
- MySQL Server 5.7.21 or MySQL Server 5.6.39 with Plesk 17.8.
- MySQL Server 5.6.36 with Plesk 17.5.
- MySQL Server 5.6.33 with Plesk 17.0.
In case if the vulnerability is successfully exploited, it can result in unauthorized access to MySQL Server data, unauthorized update, insert or delete access to some of MySQL Server accessible data, unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Call to action
MySQL Servers have been updated on Plesk 17.0 MU #64 and Plesk 17.5 MU #67.
As for Plesk 17.8, the fix is planned to be implemented in the latter half of February 2019.
Follow the article to be notified - the article will be updated.