Notified:  August 21, 2013 Updated: October 03, 2013

Status

Not Affected

Vendor Statement

The vulnerability # 705004 is not applicable to the Neteller Direct Payment API since the integration interpretation is incorrect. The advised and required integration between a Merchant and the Neteller Direct Payment API is based on the premise that the Merchants Server generates and submits the POST to Neteller API and is NOT intended to support a direct POST action from a user browser client (as a result of the Merchant's web form action). The Neteller Direct Payment API only accepts HTTPS POST method requests with the additional ability to restrict requests to registered Merchant server IP addresses. The security of the API relies on the appropriate integration between the trusted Merchant and Neteller environment.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.