The purpose of this article is to provide assurance that a vulnerability discovered in a Mail Transfer Agent called Exim does not impact Kerio Connect because Kerio Connect does not utilize Exim.
In June 2019, a vulnerability was discovered in Exim, a mail transfer agent used to deploy mail servers on Unix-like systems. This vulnerability could allow local attackers to execute arbitrary system commands when sending mail to a particular recipient. Remote attackers could also take advantage of this vulnerability through similar means. Successful exploitation of the vulnerability would enable the attacker to perform command execution as root in the context of the mail server. An attacker could then install programs, make alterations to data, or even create new accounts with full user rights.
More details available in the National Vulnerability Database article titled CVE-2019-10149 Detail.
Kerio Connect does NOT use Exim, so we are not affected by this vulnerability.