The flaws include 11 vulnerabilities that require local access to the server and 10 others that could be exploited remotely. The issues were discovered by Qualys and reported to Exim on Oct. 20, 2020. If successfully exploited, they could be used to tweak email settings and even add new accounts on the compromised mail servers. In light of the recent Microsoft Exchange server hacks, it’s imperative that the patches are applied immediately. In May, the U.S. National Security Agency (NSA) warned that Russian military operatives, publicly known as Sandworm Team, were taking advantage of a remote code execution vulnerability dubbed The Return of the WIZard.
Source: https://thehackernews.com/2021/05/alert-new-21nails-exim-bugs-expose.html

