A Path Traversal vulnerability in web component of Ivanti Avalanche prior to 6.4.3 allows a remote authenticated malicious user to delete specific type of files and/or cause denial of service.