This vulnerability allows remote malicious users to escalate privileges on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the userManagement.jsf page. The issue results from improper authentication. An attacker can leverage this vulnerability to escalate privileges to the level of admin.