I am looking for some clarification, and hope that someone can assist. When Qualys performs an authenticated scan on an Orcale DBs, how does it execute the scan to find vulnerabilities related to patches? Does it rely on Opatch, or is there another method utilized? I ask as opatch has been notoriously unreliable in the past for other programs (Symantec ESM for example). I have found a number of aged patches that show as "potential" vulnerabilities via remote scanning, but wanted to confirm the process authenticated uses prior to going through the process of setting up an authentication profile for the DBs in Qualys with a correlating account in the DB. Any help would be much appreciated.