IBM PowerVM Novalink 2.2.02.2.12.2.1.1, and 2.3.02.3.0.12.3.12.3.2 IBM NovaLink APIs misconfiguration may increase attack surface and enable unintended or unauthorized operations under non-default conditions.

Project Subscriptions

Vendors Products
Powervm Novalink Subscribe
Advisories

No advisories yet.

Fixes

Solution

IBM strongly recommends addressing the vulnerability now by upgrading based on the table below. ProductVersionRemediationPowerVM Novalink 2.2.1.1 Update to pvm-novalink-2.2.1.1-260708 https://public.dhe.ibm.com/systems/virtualization/Novalink/readme/NovaLink_2.2.1.1_readme.html or Update to pvm-novalink-2.3.3-260714 https://public.dhe.ibm.com/systems/virtualization/Novalink/readme/NovaLink_2.3.3_readme.html PowerVM Novalink 2.3.3 Update to pvm-novalink-2.3.3-260714 https://public.dhe.ibm.com/systems/virtualization/Novalink/readme/NovaLink_2.3.3_readme.html


Workaround

No workaround given by the vendor.

History

Fri, 17 Jul 2026 20:15:00 +0000

Type Values Removed Values Added
Description IBM PowerVM Novalink 2.2.02.2.12.2.1.1, and 2.3.02.3.0.12.3.12.3.2 IBM NovaLink APIs misconfiguration may increase attack surface and enable unintended or unauthorized operations under non-default conditions.
Title This PowerVM Novalink update is being released to address
First Time appeared Ibm
Ibm powervm Novalink
Weaknesses CWE-16
CPEs cpe:2.3:a:ibm:powervm_novalink:2.2.02.2.12.2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:powervm_novalink:2.3.02.3.0.12.3.12.3.2:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm powervm Novalink
References
Metrics cvssV3_1

{'score': 3.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-07-17T19:49:41.211Z

Reserved: 2026-07-07T16:36:57.998Z

Link: CVE-2026-14971

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses