Alert for vulnerability in Exim email server removed
Information security now!
We removed the alert for a vulnerability in Exim email servers as the NCSC-FI has received no new reports about any successful exploitations of the vulnerability in over a month.
The alert for a vulnerability in Exim email servers is removed as the reason for the alert is no longer current. However, it should be noted that the vulnerability still exists in Exim environments that have not been updated. The vulnerability allows attackers to execute their own commands in the target system.
Vulnerable Exim versions include 4.87 to 4.91. The vulnerability has been patched in the most recent versions. We recommend updating any vulnerable systems and keeping them updated in the future, too.
The original article was published on 24.07.2019 in Finnish.