An assessment has been requested regarding the impact of CVE-2026-34477 (Apache Log4j TLS Hostname Verification Bypass) on the Workload Control Center (WCC) component.
AutoSys Workload Automation / Workload Control Center (WCC) 12.x / 24.x
Following a comprehensive security assessment of CVE-2026-34477, Broadcom has determined that this vulnerability is not applicable and not exploitable in the WCC product.
Technical Details:
Appender Requirements: Exploitation of CVE-2026-34477 requires that SMTP, Socket, or Syslog logging appenders configured with SSL be in active use.
WCC Configuration: WCC exclusively implements and utilizes Console and File-based logging appenders.
Network Logging Absence: No network-based logging mechanisms with SSL/TLS are implemented or available in standard WCC product configurations.
Non-Exploitable Path: Because the vulnerable code path relies entirely on network-based logging appenders that are absent from WCC, the vulnerability cannot be triggered or exploited.
Conclusion: Although WCC bundles Log4j versions that technically fall within the affected software range, the specific logging architectures and configurations required to exploit CVE-2026-34477 are not present in the product. No remediation action or patching is required for WCC for this CVE.
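To check that a particular installation still matches the Console- and File-only configuration described above, a Log4j configuration can be scanned for the three appender types this article names. The script below is an added example, not Broadcom's code: it assumes the configuration is in Log4j 2 XML format, both sample configurations are constructed, and the SSL indicators it looks for (a nested Ssl element, protocol="SSL", smtpProtocol="smtps") are assumptions about how such appenders are usually declared.

```python
import xml.etree.ElementTree as ET

# Appender types the advisory names as prerequisites for CVE-2026-34477.
NETWORK_APPENDERS = {"smtp", "socket", "syslog"}

def local(tag):
    """Drop any XML namespace; lower-case, since Log4j plugin names are case-insensitive."""
    return tag.rsplit("}", 1)[-1].lower()

def find_network_appenders(xml_text):
    """Return (plugin_type, appender_name, ssl_configured) for each network appender."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        attrs = {k.lower(): v for k, v in el.attrib.items()}
        # Concise form is <Socket .../>; strict form is <Appender type="Socket" .../>.
        kind = local(el.tag)
        if kind == "appender":
            kind = attrs.get("type", "").lower()
        if kind not in NETWORK_APPENDERS:
            continue
        # Assumption: SSL shows up as a nested <Ssl> element, protocol="SSL"
        # (Socket) or smtpProtocol="smtps" (SMTP).
        ssl = (any(local(c.tag) == "ssl" for c in el.iter())
               or attrs.get("protocol", "").lower() == "ssl"
               or attrs.get("smtpprotocol", "").lower() == "smtps")
        findings.append((kind, attrs.get("name", "?"), ssl))
    return findings

# Constructed sample: Console and file-based appenders only, as the advisory describes.
FILE_ONLY = """<Configuration><Appenders>
  <Console name="stdout"><PatternLayout pattern="%m%n"/></Console>
  <RollingFile name="app" fileName="logs/app.log" filePattern="logs/app-%i.log"/>
</Appenders></Configuration>"""

# Constructed sample: a locally added Syslog appender over TLS.
CUSTOMISED = """<Configuration><Appenders>
  <File name="app" fileName="logs/app.log"/>
  <Syslog name="siem" host="logs.example.internal" port="6514" protocol="TCP">
    <Ssl><TrustStore location="trust.jks"/></Ssl>
  </Syslog>
</Appenders></Configuration>"""

if __name__ == "__main__":
    for label, cfg in (("file-only", FILE_ONLY), ("customised", CUSTOMISED)):
        print(label, find_network_appenders(cfg) or "no network appenders")
```

An empty result means the configuration contains none of the named appender types; any entry, whether or not SSL is detected, marks a configuration that differs from the one this assessment describes.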