Symptom
Is Subresource Integrity (SRI) implemented in the RMK career site?
Is there a vulnerability at play?
Environment
SAP SuccessFactors Recruiting Marketing
Resolution
This concern was reviewed by the architecture security group and determined to be invalid.
The identified resources are loaded from rmkcdn.successfactors.com, which is an organizational domain under our direct control as part of SAP SuccessFactors.
Subresource Integrity (SRI) is intended to mitigate risks from third-party supply chain attacks originating from external, untrusted domains. Since these resources come from our own controlled infrastructure, there is no third-party risk that SRI is designed to address.
Therefore, the absence of SRI on the career site is not considered a vulnerability, and no remediation is required.
As a result, this request is regarded as an enhancement and should follow the standard process (see SAP Knowledge Base Article 2090228).
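The first-party versus third-party distinction drawn above can be checked mechanically. The following is an added example, not SAP code or part of the original article: it lists a page's scripts and stylesheets and labels each by whether it has an `integrity` attribute and whether its host is operator-controlled. The page host `careers.example.com`, the sample markup, and the contents of `FIRST_PARTY_HOSTS` beyond the CDN named in the article are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the site operator controls directly. The article names
# rmkcdn.successfactors.com as such a host; extend the set for your own site.
FIRST_PARTY_HOSTS = {"rmkcdn.successfactors.com"}

# Constructed sample markup (not taken from a real career site).
SAMPLE_HTML = """
<script src="https://rmkcdn.successfactors.com/constructed/site.js"></script>
<link rel="stylesheet" href="/constructed/local.css">
<script src="https://cdn.example.net/lib.js"></script>
<script src="//static.example.org/w.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
"""

class SubresourceAudit(HTMLParser):
    """Collect <script src> and <link rel=stylesheet> tags with their SRI status."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # (host, url, status) tuples in document order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and a.get("src"):
            url = a["src"]
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower().split() and a.get("href"):
            url = a["href"]
        else:
            return
        host = urlparse(url).hostname or self.page_host  # relative URL: same origin
        first_party = host == self.page_host or host in FIRST_PARTY_HOSTS
        if a.get("integrity", "").strip():
            status = "sri-present"
        elif first_party:
            status = "first-party-no-sri"
        else:
            status = "third-party-no-sri"  # the case SRI is aimed at
        self.findings.append((host, url, status))

def audit(html, page_host):
    """Return the (host, url, status) findings for one HTML document."""
    parser = SubresourceAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for host, url, status in audit(SAMPLE_HTML, "careers.example.com"):
        print(f"{status:20} {host:28} {url}")
```
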
See Also
2090228 - How to Submit Ideas for SAP SuccessFactors Products
Keywords
rmk, recruiting marketing, security, vulnerability, Subresource Integrity (SRI), KBA, LOD-SF-RMK-PSI, Security, LOD-SF-RMK-SEC, Security & Vulnerabilities, Problem
SAP Knowledge Base Article - Public