SAP Knowledge Base Article - Public

2969802 - RMK Vulnerability report states "Content Security Policy (CSP) Missing" - Recruiting Marketing

Symptom

You have received a report from a Partner or a 3rd Party provides stating that your Career Site shows a vulnerability described as: "Content Security Policy (CPS) Missing" and the recomendation might be to "Enable CPS headers"

Environment

SAP SuccessFactors Recruiting Marketing

Cause

According to our Cyber Security team, the missing CPS does not represent an actual threat to the companies, however, actions are being taken to correct this.

Resolution

Our Development team is working on an Enhancement for RMK which will give the option to add the CPS to the site headers.
If you need assistance from your CSM or support to update you on this development, this is the reference number: RMK-14753

Keywords

Content Security Policy (CPS) Missing, CPS, Vulnerability, CSP Header, RMK, Career Site, CSB , KBA , LOD-SF-RMK-SEC , Security & Vulnerabilities , Problem

Product

SAP SuccessFactors Recruiting all versions