Andreas Wolter has some guidance for us:
Microsoft published guidance regarding Log4j 2 vulnerability for customers using Azure Data services. Please find the latest information here:
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 – Microsoft Security Response Center
The published list shows affected products only.
For SQL Server, even components which use log4j, the version is old enough that it is not affected by the series of exploits, bugs, and exploits of bugs which were introduced to try to fix the prior round of exploited bugs. The big exception is Big Data Clusters and if you happened to install log4j on your own.