This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the import_csv functionality. The issue lies in the failure to restrict file paths sent to an unlink call which allows for the deletion of arbitrary files as SYSTEM. A remote attacker can leverage this vulnerability to cause a denial-of-service condition.