Channel: SCN: Message List - Security

Re: SAP, OpenSSL, and Heartbleed


Hi Julius,

I think you are confused here about what OpenSSL is. This issue is not directly related to CAs, except that if you decide to re-issue your certs then you need to contact your CA.

OpenSSL is a library that implements the SSL and TLS protocols. There was a bug in one extension called Heartbeat; hence the name of the bug is Heartbleed. The bug allowed a malicious attacker to read 64kB of memory per connection. The bug is already fixed in version 1.0.1g. The problem with this issue is that just patching might not be enough. If somebody knew about this issue before, they could have retrieved private keys for any systems that used vulnerable OpenSSL. Hence the safest resolution is to patch all systems that use OpenSSL and then re-issue all certificates. The decision whether re-issuing all certs is necessary is up to every customer.

Regarding the original question: I am just speculating here. I doubt that the SAP SSL implementation is using code from OpenSSL. Here is a quote from the OpenSSL license.

* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.

I've never seen this with the SAP SSL library. So unless SAP is breaking the OpenSSL license, we are safe. Another reason why I think we are safe is that this was quite a new extension. SAP is usually slow with rolling out new crypto (which is good). So I doubt that the SAP SSL implementation supports this extension. Hence I think that ABAP AS and Java AS are safe, but there might be other SAP products that use OpenSSL.

Cheers
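Added example (not part of the reply above, and not SAP or OpenSSL project code): the reply makes two checks a defender would want to automate when inventorying systems after Heartbleed, namely whether a reported OpenSSL version falls before the 1.0.1g fix, and whether a library binary embeds the OpenSSL license clause quoted above (which would indicate OpenSSL-derived code). The script below implements both against a constructed sample library image; the sample bytes, the helper names and the assumption that an OpenSSL-derived binary keeps its "OpenSSL x.y.z" version banner are all mine.

```python
import re

# Matches OpenSSL version strings as printed by "openssl version" or embedded
# in a binary, e.g. "OpenSSL 1.0.1e 11 Feb 2013" or "1.0.2-beta1".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-beta(\d+))?")


def parse_version(text):
    """Return (major, minor, fix, letter, beta) from the first version string in text."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL version string found in %r" % text)
    major, minor, fix = (int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4) or ""
    beta = int(m.group(5)) if m.group(5) else None
    return major, minor, fix, letter, beta


def is_heartbleed_vulnerable(version_text):
    """True if the version falls in the Heartbleed-affected range.

    The fix shipped in 1.0.1g, so everything on the 1.0.1 branch before that
    (1.0.1 through 1.0.1f) is affected, as is 1.0.2-beta1.  Older branches
    (0.9.8, 1.0.0) never had the Heartbeat extension and are not affected.
    """
    major, minor, fix, letter, beta = parse_version(version_text)
    if (major, minor, fix) == (1, 0, 1):
        return letter < "g"  # "" (plain 1.0.1) and "a".."f" sort below "g"
    if (major, minor, fix) == (1, 0, 2):
        return beta == 1
    return False


# Evidence of an OpenSSL-derived library: the license clause quoted in the
# reply, and the version banner that OpenSSL builds embed in their binaries.
_LICENSE_CLAUSE = (b"Redistributions in binary form must reproduce the above copyright "
                   b"notice, this list of conditions and the following disclaimer")
_BANNER_RE = re.compile(rb"OpenSSL \d+\.\d+\.\d+[a-z]?(?:-beta\d+)?(?: \d{1,2} \w{3} \d{4})?")


def assess_library(blob):
    """Scan raw library bytes (a .so/.dll read from disk) for OpenSSL evidence."""
    findings = {"license_clause": False, "versions": [], "vulnerable": False}
    # License text may be line-wrapped differently inside a binary, so compare
    # with all whitespace collapsed to single spaces.
    if b" ".join(_LICENSE_CLAUSE.split()) in b" ".join(blob.split()):
        findings["license_clause"] = True
    for m in _BANNER_RE.finditer(blob):
        banner = m.group(0).decode("ascii")
        findings["versions"].append(banner)
        if is_heartbleed_vulnerable(banner):
            findings["vulnerable"] = True
    return findings


# Constructed sample: a fake library image with a version banner and the
# license clause embedded between padding bytes (not a real SAP or OpenSSL file).
SAMPLE_LIBRARY = (
    b"\x7fELF\x00\x00\x00\x00"
    b"OpenSSL 1.0.1e 11 Feb 2013\x00\x00"
    b"Redistributions in binary form must reproduce the above copyright\n"
    b"notice, this list of conditions and the following disclaimer in\n"
    b"the documentation and/or other materials provided with the distribution.\x00"
)

if __name__ == "__main__":
    for v in ("OpenSSL 1.0.1e 11 Feb 2013", "OpenSSL 1.0.1g 7 Apr 2014", "OpenSSL 1.0.0l"):
        print(v, "->", "vulnerable" if is_heartbleed_vulnerable(v) else "not affected")
    print(assess_library(SAMPLE_LIBRARY))
```

In practice you would feed `assess_library` the bytes of each TLS library shipped with a product and collect the results per host; a hit on the license clause without any version banner still warrants a closer look, since a vendor may strip banners while keeping the mandatory notice. Absence of both is consistent with the reply's argument that a library not redistributing the OpenSSL notice is probably not OpenSSL-derived, but it is not proof, so treat it as one input to the patch decision, not the decision itself.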
