CVE-2020-11800: 
Zabbix Server vulnerability analysis and mitigation

CVE-2020-11800 is a critical security vulnerability affecting Zabbix Server versions 2.2.x and 3.0.x before 3.0.31, and 3.2. The vulnerability was discovered by Fu Chuang and was disclosed in October 2020. This security flaw allows remote attackers to execute arbitrary code on affected Zabbix server installations (Zabbix Advisory).

The vulnerability has received a CVSS v3.1 base score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and can result in high impact across confidentiality, integrity, and availability (NVD).

The vulnerability allows remote attackers to execute arbitrary code on affected Zabbix server installations, potentially leading to complete system compromise. The high severity rating indicates that successful exploitation could result in significant damage to system confidentiality, integrity, and availability (Ubuntu Security).

The vulnerability has been fixed in Zabbix version 3.0.31. Organizations running affected versions should upgrade immediately to this version or later. Systems running Zabbix 3.4, 4.0, and 5.0 are not affected by this vulnerability (Zabbix Advisory). Various Linux distributions have also released security updates to address this vulnerability, including Debian and OpenSUSE (Debian Advisory, OpenSUSE Advisory).