A Path Traversal vulnerability in web component of Ivanti Avalanche prior to 6.4.3 allows a remote authenticated malicious user to execute arbitrary commands as SYSTEM.