A Path Traversal vulnerability in web component of Ivanti Avalanche prior to 6.4.3 allows a remote authenticated malicious user to delete arbitrary files, thereby leading to Denial-of-Service.