You see 400 bad request for Password Service Task visible in network trace for the password change request.

identity Manager v15. 

This is a known issue in Siteminder.

Please upgrade Siteminder as per information in the article.

Workaround for the issue is to set ALLOW_UNESCAPED_CHARACTERS_IN_URL to true,

Add below JVM options to your IDM. Under your IGA Xpress --> Services --> Identity Manager --> Java Options

-Dorg.wildfly.undertow.ALLOW_UNESCAPED_CHARACTERS_IN_URL=true

IF this is not working change it directly by editing  jboss.xml file adding entry 

<http-listener name="default" socket-binding="http" allow-unescaped-characters-in-url="true" (...)>

<http-listener name="default" socket-binding="https" allow-unescaped-characters-in-url="true" (...)>