We are investigating on the qualys report of weblogic vulnerabilities , however we are struggling to understand how Qualys cloud engine actually works. For example, QID 87333, Patch ID checked: weblogic server 18.104.22.168 - 27342434 and 27441341. As instructed by oracle support website , 27342434 has been superseded and replaced another patch 29814665, later on 29814665 has conflicts with patch 30028126, so we end up applying the latest patch 30028126. But Qualys still flags that the vulnerabilities ( QID 87333)is not fixed. Can anybody shed some light how qualys cloud engine handles superseded patches. Thanks.