Crowd uses the same Atlassian-maintained fork of Log4j 1.2.17 libraries as Jira and Confluence. This means a number of CVEs that's detailed in the Jira Documentation below is also being addressed in Crowd as well:

• https://confluence.atlassian.com/jirakb/list-of-security-vulnerabilities-addressed-in-atlassian-log4j1-1141965553.html

However, it would be for customers to easily cross-check what are the versions of Crowd (and other Atlassian On-Prem products) is not impacted by this issue.

Suggestion

Either create a Crowd-version of the similar documentation like Jira, or expand the same document above to include other Atlassian On-Prem products