CPanel which is used by Webhosts is potentially affected by this Vulnerability because of CPanel-Solr plugin.Though the plugin listens only to localhost and used for IMAP search, there is a way it can be exploited if the CPanel is used on a Shared Webhosting provide as anyone with local shell access can used this to download ransomware or malware. (But this cant be publicly exploited).Easy Apache4 which is part of CPanel is affected by this vulnerability as it has log4j in the code.
CPanel’s Advisory: https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/
Updating CPanel for this vulnerability
Step 1: You can mitigate this vulnerability by either upgrading to new version of CPanel or updating the affected package by running the below command
yum update cpanel-dovecot-solr
Step 2: To verify the mitigation is place, login into CPanel, then run the below command
rpm -q --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455
if the mitigation is in place then you would be able to see something like this
Source: https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/