SideFX: Port 587 SMPT Open: Can send any mail remotely from the internal mail users to company mail id's.

Port 587 SMTP open. Attacker can send emails remotely to company email addresses. This allows phishing, spamming, or other malicious emails to be sent from what appears to be a legitimate internal company email account...

SideFX: Session Doesn't expire after 2fa and also other session can change passsword

A vulnerability was found where user sessions were not terminated after two-factor authentication was enabled, allowing the password to be changed from an active session that did not have two-factor authentication enabled...