Access Manager 4.3
Access Manager Administration COnsole
Admin Console running on WIndows or Linux OS
https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet talks about how Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. NAM Admin Console and IDP servers have a URL that could be used to trigger such redirects.
Apply 4.3.3. The fix consists on sanitation/validation of input into the iManager NPS pages.