Advertisement for "Security Training" shown although third-party offers are disabled

The page Secure -> Vulnerability report shows this advertisement banner for Security Training:

(And Secure -> Security configuration shows it, too:)

Although the administrator has explicitly configured "Customer experience improvement and third-party offers" -> "Do not display content for customer experience improvement and offers from third parties":

I do consider this a bug.