Misconfigured HTTP headers allow attackers to exfiltrate data or perform common web attacks on users. CORS misconfiguration allows attackers to steal sensitive information from an application’s users.

Insecure direct object references and broken access control lists (ACL) are also a couple of other issues that stem from misconfigurations in APIs, but I will save them for another post
https://t.co/3enzNmD31n