In short, this is how to exploit it.
By inserting %0A's onto the ibm_security_logout URL, a line feed character is injected into the 302 redirect URL, which allows you to insert custom headers. Since it's in a 302, your options are pretty limited, but you can still set a cookie.
Here's a normal URL:
If the session cookie is not updated upon authentication, you can link this user and set their cookie to yours, and have them log you in.
This URL is an example exploit which sets a cookie: