Emily, a security professional, conducted penetration testing on web applications and SaaS platforms utilized by her company. During the assessment, she discovered a vulnerability that could enable hackers to obtain unauthorized access to API objects. This vulnerability empowers attackers to execute actions such as viewing, updating, and deleting sensitive data belonging to the company. What is the API vulnerability disclosed in the described scenario?