Consider the following scenario:
- You deploy some public folder databases in a Microsoft Exchange Server 2010 environment that has Exchange Server 2010 Service Pack 3 (SP3) installed.
- You use an application that performs a CONVENIENT_DEPTH query against public folders.
This issue occurs because the CONVENIENT_DEPTH flag can traverse the folders that you do not have permissions for. Therefore, the flag can retrieve the hierarchy table of all public folders that you have permissions to see.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.