Ingenico Payment Services response to a critical vulnerability affecting Bash (Bourne Again Shell).

We would like to share with you the following security alert with respect to a critical vulnerability affecting Bash (Bourne Again Shell). This vulnerability could potentially lead to remote code execution.

Is the Ingenico e-Commerce Solutions payment gateway vulnerable?

No. The payment gateway is not exposed to the “Bash Shellshock”vulnerability. Therefore all the information stored on the payment gateway’s infrastructure is unaffected.

Is my web shop vulnerable ?

Even though the Ingenico e-Commerce Solutions platform is not vulnerable, your web shop might be vulnerable, depending on the underlying infrastructure and operating systems.

What should web shop owners do ?

We recommend you to contact your IT department, vendor or service provider to test the vulnerability of your platform and, if necessary, upgrade your systems.

Interested to get more information?

Visit the following websites:

[1] http://www.kb.cert.org/vuls/id/252743
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169
[3] https://access.redhat.com/security/cve/CVE-2014-6271