Azure DevOps can be configured with advanced Code Search. That feature relies on Elastic Search. Depending on the age of your server, JVM version, and Elastic Search version this may result in your setup being vulnerable to CVE-2021-44228. Read my blog post on how to patch Azure DevOps for the log4j vulnerability here.