As per CVE:
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
Identity Manager 14.5 SP1 and below
Identity Manager is not vulnerable with this CVE because Identity Manager is not using UriComponentsBuilder to parse an externally Provided URL (e.g. through a query parameter).