SAP Knowledge Base Article - Public

3264720 - Security Vulnerability - JavaScript knockout library v2.3.0 - Recruiting Marketing

Symptom

Security tests report an insecure JavaScript library:

"It was noted that the JavaScript knockout library v2.3.0 is vulnerable to cross-site scripting attacks."

Environment

SAP SuccessFactors Recruiting Marketing

Resolution

According to the Security Team:

1. BizX is not supported on the IE 7 browser.
2. The reported security issue would cause XSS injection only on browser versions up to and including IE 7.
3. On all the latest browsers, this is not a concern.

In summary, the XSS injection happens only on IE 7 and earlier.

Since BizX (the SuccessFactors instance) is not supported on those browsers, this is not considered a security issue.

Keywords

security vulnerability, rmk, library v2.3.0, javascript library, KBA, LOD-SF-RMK-SEC, Security & Vulnerabilities, Problem

Product

SAP SuccessFactors Recruiting all versions