Pivotal Software Cloud Foundry Cf-Deployment vulnerabilities
2 known vulnerabilities affecting pivotal_software/cloud_foundry_cf-deployment.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 2
Vulnerabilities
CVE-2020-5399 [HIGH] CVSS 7.4, CWE-319, fixed in 12.29.0, 2020-02-12
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
nvd
CVE-2018-1192 [HIGH] CVSS 8.8, CWE-200, fixed in 1.7, 2018-02-01
In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event l
nvd